remove OpenSSL support

I thought some time about this, we have it in parallel some time and
it have issues for allmodconfig builds.
Anyway I have no fun doing openssl updates twice a week.
We just can not support stunnel/ssltunnel anymore.
For nodejs we use bundled openssl.

I am an old OpenBSD geek anyway, so get rid of OpenSSL.

docs/adding-packages-manual.txt

@@ -23,8 +23,8 @@ scripts.
 09: PKG_HASH:=		62333167b79afb0b25a843513288c67b59547acf653e8fbe62ee64e71ebd1587
 10: PKG_DESCR:=		foo library
 11: PKG_SECTION:=	libs
-12: PKG_BUILDDEP:=	openssl
-13: PKG_DEPENDS:=	libopenssl
+12: PKG_BUILDDEP:=	libressl
+13: PKG_DEPENDS:=	libressl
 14: PKG_URL:=		http://www.libfoo.org/
 15: PKG_SITES:=		http://download.libfoo.org/
 16:

mk/build.mk

@@ -28,14 +28,6 @@ DEFCONFIG=		ADK_DEBUG=n \
 			ADK_PACKAGE_BASE_FILES=y \
 			ADK_PACKAGE_KEXECINIT=n \
 			ADK_PACKAGE_CLASSPATH=n \
-			ADK_PACKAGE_OPENSSL=n \
-			ADK_PACKAGE_AUFS_UTIL=n \
-			ADK_PACKAGE_LIBOPENSSL=n \
-			ADK_PACKAGE_LIBOPENSSL_DEV=n \
-			ADK_PACKAGE_LIBOPENSSL_WITH_CRYPTODEV=n \
-			ADK_PACKAGE_OPENSSL_PKCS11=n \
-			ADK_PACKAGE_OPENSSL_UTIL=n \
-			ADK_PACKAGE_SSLTUNNEL=n \
 			ADK_PACKAGE_LM_SENSORS_DETECT=n \
 			ADK_PACKAGE_CRYPTINIT=n \
 			ADK_STATIC_TOOLCHAIN=n \

package/.template/Makefile

@@ -36,20 +36,20 @@ PKG_SITES:=		add download url without package name
 # flavour description
 #PKGFD_WITH_SSL:=	enable SSL support
 # flavour runtime dependency, package name
-#PKGFS_WITH_SSL:=	libopenssl
+#PKGFS_WITH_SSL:=	libressl
 # flavour build time dependency, package dir
-#PKGFB_WITH_SSL:=	openssl
+#PKGFB_WITH_SSL:=	libressl
 
 # define your choices for your package here, f.e. different SSL implementations
-#PKG_CHOICES_PKGNAME:=	WITH_OPENSSL WITH_GNUTLS
+#PKG_CHOICES_PKGNAME:=	WITH_LIBRESSL WITH_GNUTLS
 # package description for each choice
-#PKGCD_WITH_OPENSSL:=	SSL support via OpenSSL library
-#PKGCD_WITH_GNUTLS:=	SSL support via GNUTLS library
+#PKGCD_WITH_LIBRESSL:=	ssl support via libressl library
+#PKGCD_WITH_GNUTLS:=	ssl support via gnutls library
 # package build time dependencies
-#PKGCB_WITH_OPENSSL:=	openssl
+#PKGCB_WITH_LIBRESSL:=	libressl
 #PKGCB_WITH_GNUTLS:=	gnutls
 # package runtime dependencies
-#PKGCS_WITH_OPENSSL:=	libopenssl
+#PKGCS_WITH_LIBRESSL:=	libressl
 #PKGCS_WITH_GNUTLS:=	libgnutls
 
 # if downloaded package is not ending with .tar.xz use following

package/aircrack-ng/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9
 PKG_DESCR:=		set of tools for auditing wireless networks
 PKG_SECTION:=		net/wifi
-PKG_DEPENDS:=		libpcap libnl
-PKG_BUILDDEP:=		libpcap libnl
+PKG_DEPENDS:=		libpcap libnl libressl
+PKG_BUILDDEP:=		libpcap libnl libressl
 PKG_NEEDS:=		threads
 PKG_URL:=		http://www.aircrack-ng.org/
 PKG_SITES:=		http://download.aircrack-ng.org/
 # do not build parallel, otherwise libosdep.a may not be ready when compiling airtun-ng
 PKG_NOPARALLEL:=	1
 
-PKG_CHOICES_AIRCRACK_NG:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}-rc2.tar.gz
 WRKDIST=		${WRKDIR}/${PKG_NAME}-${PKG_VERSION}-rc2
 

package/asterisk/Makefile

@@ -9,21 +9,13 @@ PKG_RELEASE:=		2
 PKG_HASH:=		7b3d84a3403fce590377808eaa4b08b6320666ca0e37eba0ad578b66211b13c8
 PKG_DESCR:=		open source pbx
 PKG_SECTION:=		net/voip
-PKG_DEPENDS:=		libncurses libcurl
-PKG_BUILDDEP:=		ncurses zlib curl popt
+PKG_DEPENDS:=		libncurses libcurl libressl
+PKG_BUILDDEP:=		ncurses zlib curl popt libressl
 PKG_NEEDS:=		threads c++
 PKG_URL:=		http://www.asterisk.org/
 PKG_SITES:=		http://downloads.asterisk.org/pub/telephony/asterisk/releases/
 PKG_NOPARALLEL:=	1
 
-PKG_CHOICES_ASTERISK:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 PKG_LIBC_DEPENDS:=	uclibc-ng glibc

package/bind/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		f8d412b38d5ac390275b943bde69f4608f67862a45487ec854b30e4448fcb056
 PKG_DESCR:=		dns server
 PKG_SECTION:=		net/dns
-PKG_DEPENDS:=		libxml2
-PKG_BUILDDEP:=		libxml2
+PKG_DEPENDS:=		libxml2 libressl
+PKG_BUILDDEP:=		libxml2 libressl
 PKG_NEEDS:=		c++
 PKG_URL:=		https://www.isc.org/software/bind/
 PKG_SITES:=		ftp://ftp.isc.org/isc/bind9/${PKG_VERSION}/
 PKG_LIBNAME:=		libbind
 PKG_OPTS:=		dev
 
-PKG_CHOICES_LIBBIND:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 PKG_SUBPKGS:=		LIBBIND BIND_SERVER BIND_NSUPDATE BIND_RNDC BIND_CHECK BIND_DNSSEC BIND_HOST BIND_DIG

package/bitlbee/Makefile

@@ -9,19 +9,11 @@ PKG_RELEASE:=		1
 PKG_HASH:=		408a737b35db4b9c407e3db09b2d2e7b528836a68e2d783373254b78812bf608
 PKG_DESCR:=		irc gateway to im chat networks
 PKG_SECTION:=		app/chat
-PKG_DEPENDS:=		glib
-PKG_BUILDDEP:=		glib
+PKG_DEPENDS:=		glib libressl
+PKG_BUILDDEP:=		glib libressl
 PKG_URL:=		http://www.bitlbee.org/
 PKG_SITES:=		http://get.bitlbee.org/src/
 
-PKG_CHOICES_BITLBEE:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 include ${ADK_TOPDIR}/mk/package.mk

package/crda/Makefile

@@ -21,10 +21,7 @@ PKGFD_WITH_UDEV:=	install shipped udev rules
 PKGFS_WITH_UDEV:=	udev
 PKGFB_WITH_UDEV:=	eudev
 
-PKG_CHOICES_CRDA:=	WITH_LIBRESSL WITH_OPENSSL WITH_GCRYPT
-PKGCD_WITH_OPENSSL:=	ssl support via openssl library
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
+PKG_CHOICES_CRDA:=	WITH_LIBRESSL WITH_GCRYPT
 PKGCD_WITH_LIBRESSL:=	ssl support via libressl library
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl
@@ -39,7 +36,7 @@ $(eval $(call PKG_template,CRDA,crda,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS
 CONFIG_STYLE:=		manual
 ALL_TARGET:=		all_noverify
 
-ifneq ($(ADK_PACKAGE_CRDA_WITH_OPENSSL)$(ADK_PACKAGE_CRDA_WITH_LIBRESSL),)
+ifneq ($(ADK_PACKAGE_CRDA_WITH_LIBRESSL),)
 XAKE_FLAGS+=		USE_OPENSSL=1
 endif
 

package/cryptodev-linux/Makefile

@@ -9,18 +9,12 @@ PKG_RELEASE:=		1
 PKG_HASH:=		67fabde9fb67b286a96c4f45b594b0eccd0f761b495705c18f2ae9461b831376
 PKG_DESCR:=		device that allows access to kernel cryptographic drivers
 PKG_SECTION:=		app/crypto
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_KDEPENDS:=		crypto-aead crypto-algapi crypto-manager
 PKG_URL:=		http://home.gna.org/cryptodev-linux/
 PKG_SITES:=		http://download.gna.org/cryptodev-linux/
 
-PKG_CHOICES_CRYPTODEV_LINUX:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 include $(ADK_TOPDIR)/mk/package.mk

package/ctorrent/Makefile

@@ -9,20 +9,14 @@ PKG_RELEASE:=		2
 PKG_HASH:=		c87366c91475931f75b924119580abd06a7b3cb3f00fef47346552cab1e24863
 PKG_DESCR:=		console-based bittorrent client
 PKG_SECTION:=		app/p2p
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_NEEDS:=		c++
 PKG_URL:=		http://www.rahul.net/dholmes/ctorrent
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=dtorrent/}
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_CTORRENT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,CTORRENT,ctorrent,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/curl/Makefile

@@ -27,20 +27,17 @@ PKGSS_LIBCURL:=		zlib
 PKG_FLAVOURS_CURL:=	WITH_IPV6
 PKGFD_WITH_IPV6:=	enable ipv6 support
 
-PKG_CHOICES_CURL:=	WITHOUT_SSL WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL WITH_WOLFSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_CURL:=	WITH_LIBRESSL WITH_GNUTLS WITH_WOLFSSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates libgmp
 PKGCB_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates libgmp
-PKGCB_WITH_OPENSSL:=	openssl
 PKGCD_WITH_GNUTLS:=	use gnutls for crypto
 PKGCS_WITH_GNUTLS:=	libgnutls ca-certificates libgmp
 PKGCB_WITH_GNUTLS:=	gnutls
 PKGCD_WITH_WOLFSSL:=	use wolfssl for crypto
 PKGCS_WITH_WOLFSSL:=	wolfssl ca-certificates
 PKGCB_WITH_WOLFSSL:=	wolfssl
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/host.mk
 include ${ADK_TOPDIR}/mk/package.mk
@@ -49,12 +46,7 @@ $(eval $(call HOST_template,CURL,curl,${PKG_VERSION}-${PKG_RELEASE}))
 $(eval $(call PKG_template,CURL,curl,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 $(eval $(call PKG_template,LIBCURL,libcurl,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_LIBCURL},${PKGSD_LIBCURL},${PKGSC_LIBCURL},${PKG_OPTS}))
 
-ifeq (${ADK_PACKAGE_CURL_WITHOUT_SSL},y)
-CONFIGURE_ARGS+=	--without-ssl \
-			--without-gnutls \
-			--without-axtls
-endif
-ifeq (${ADK_PACKAGE_CURL_WITH_OPENSSL},y)
+ifeq (${ADK_PACKAGE_CURL_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-ssl="${STAGING_TARGET_DIR}/usr" \
 			--without-gnutls \
 			--without-axtls
@@ -70,6 +62,11 @@ CONFIGURE_ARGS+=	--with-cyassl="${STAGING_TARGET_DIR}/usr" \
 			--without-gnutls \
 			--without-axtls
 endif
+ifeq (${ADK_PACKAGE_CURL_WITHOUT_SSL},y)
+CONFIGURE_ARGS+=	--without-ssl \
+			--without-gnutls \
+			--without-axtls
+endif
 
 CONFIGURE_ENV+=		curl_typeof_curl_socklen_t=socklen_t
 CONFIGURE_ARGS+=	--enable-cookies \

package/cyrus-sasl/Makefile

@@ -9,20 +9,14 @@ PKG_RELEASE:=		2
 PKG_HASH:=		8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3
 PKG_DESCR:=		general purpose authentication library
 PKG_SECTION:=		libs/crypto
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		http://cyrusimap.org/
 PKG_SITES:=		ftp://ftp.cyrusimap.org/cyrus-sasl/
-PKG_NOPARALLEL:=	1
 PKG_LIBNAME:=		libsasl2
 PKG_OPTS:=		dev
 
-PKG_CHOICES_CYRUS_SASL:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
+PKG_NOPARALLEL:=	1
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 

package/dillo/Makefile

@@ -9,20 +9,12 @@ PKG_RELEASE:=		1
 PKG_HASH:=		db1be16c1c5842ebe07b419aa7c6ef11a45603a75df2877f99635f4f8345148b
 PKG_DESCR:=		small graphical web browser
 PKG_SECTION:=		x11/apps
-PKG_DEPENDS:=		libfltk libxi libpng zlib libjpeg-turbo
-PKG_BUILDDEP:=		fltk libXi libjpeg-turbo libpng zlib
+PKG_DEPENDS:=		libfltk libxi libpng zlib libjpeg-turbo libressl
+PKG_BUILDDEP:=		fltk libXi libjpeg-turbo libpng zlib libressl
 PKG_NEEDS:=		threads cxx
 PKG_URL:=		http://www.dillo.org/
 PKG_SITES:=		http://www.dillo.org/download/
 
-PKG_CHOICES_DILLO:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 PKG_HOST_DEPENDS:=	!cygwin
 PKG_ARCH_DEPENDS:=	x86 x86_64 mips arm
 

package/dovecot/Makefile

@@ -9,17 +9,11 @@ PKG_RELEASE:=		1
 PKG_HASH:=		d8d9f32c846397f7c22749a84c5cf6f59c55ff7ded3dc9f07749a255182f9667
 PKG_DESCR:=		minimal and secure imap server
 PKG_SECTION:=		net/mail
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		http://www.dovecot.org/
 PKG_SITES:=		http://www.dovecot.org/releases/2.2/
 
-PKG_CHOICES_DOVECOT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 DISTFILES:=		$(PKG_NAME)-$(PKG_VERSION).tar.gz
 
 include $(ADK_TOPDIR)/mk/package.mk

package/elinks/Makefile

@@ -11,6 +11,7 @@ PKG_DESCR:=		advanced text web browser
 PKG_SECTION:=		app/browser
 PKG_URL:=		http://elinks.or.cz/
 PKG_SITES:=		http://elinks.or.cz/download/
+
 PKG_NOPARALLEL:=	1
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
@@ -18,14 +19,11 @@ DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 PKG_FLAVOURS_ELINKS:=	WITH_IPV6
 PKGFD_WITH_IPV6:=	enable IPv6 support
 
-PKG_CHOICES_ELINKS:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_ELINKS:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/package.mk
 
@@ -63,9 +61,6 @@ else
 CONFIGURE_ARGS+=	--disable-ipv6
 endif
 
-ifeq ($(ADK_PACKAGE_ELINKS_WITH_OPENSSL),y)
-CONFIGURE_ARGS+=	--with-openssl='${STAGING_TARGET_DIR}/usr'
-endif
 ifeq ($(ADK_PACKAGE_ELINKS_WITH_LIBRESSL),y)
 CONFIGURE_ARGS+=	--with-openssl='${STAGING_TARGET_DIR}/usr'
 endif

package/elinks/patches/patch-src_network_ssl_ssl_c

@@ -0,0 +1,16 @@
+--- elinks-0.11.7.orig/src/network/ssl/ssl.c	2009-08-22 13:15:08.000000000 +0200
++++ elinks-0.11.7/src/network/ssl/ssl.c	2016-09-30 18:47:20.022831750 +0200
+@@ -49,11 +49,8 @@ init_openssl(struct module *module)
+ 	 * cannot initialize the PRNG and so every attempt to use SSL fails.
+ 	 * It's actually an OpenSSL FAQ, and according to them, it's up to the
+ 	 * application coders to seed the RNG. -- William Yodlowsky */
+-	if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) < 0) {
+-		/* Not an EGD, so read and write to it */
+-		if (RAND_load_file(f_randfile, -1))
+-			RAND_write_file(f_randfile);
+-	}
++	if (RAND_load_file(f_randfile, -1))
++		RAND_write_file(f_randfile);
+ 
+ 	SSLeay_add_ssl_algorithms();
+ 	context = SSL_CTX_new(SSLv23_client_method());

package/fetchmail/Makefile

@@ -12,24 +12,19 @@ PKG_SECTION:=		net/mail
 PKG_URL:=		http://www.fetchmail.info
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=fetchmail/}
 
-PKG_CHOICES_FETCHMAIL:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_FETCHMAIL:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,FETCHMAIL,fetchmail,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
+AUTOTOOL_STYLE:=	autoreconf
 CONFIGURE_ARGS+=	--without-hesiod
 
-ifeq (${ADK_PACKAGE_FETCHMAIL_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--with-ssl='${STAGING_TARGET_DIR}/usr'
-endif
 ifeq (${ADK_PACKAGE_FETCHMAIL_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-ssl='${STAGING_TARGET_DIR}/usr'
 endif

package/fetchmail/patches/patch-config_h_in

@@ -0,0 +1,13 @@
+--- fetchmail-6.3.26.orig/config.h.in	2013-04-23 23:36:55.000000000 +0200
++++ fetchmail-6.3.26/config.h.in	2016-09-29 16:00:20.679625413 +0200
+@@ -53,6 +53,10 @@
+    if you don't. */
+ #undef HAVE_DECL_SSLV2_CLIENT_METHOD
+ 
++/* Define to 1 if you have the declaration of `SSLv3_client_method', and to 0
++   if you don't. */
++#undef HAVE_DECL_SSLV3_CLIENT_METHOD
++
+ /* Define to 1 if you have the declaration of `strerror', and to 0 if you
+    don't. */
+ #undef HAVE_DECL_STRERROR

package/fetchmail/patches/patch-configure

@@ -1,12 +0,0 @@
---- fetchmail-6.3.9.orig/configure	2008-11-16 15:18:49.000000000 +0100
-+++ fetchmail-6.3.9/configure	2009-06-12 22:27:25.000000000 +0200
-@@ -13176,9 +13176,6 @@ then
-     { echo "$as_me:$LINENO: Enabling OpenSSL support in $with_ssl." >&5
- echo "$as_me: Enabling OpenSSL support in $with_ssl." >&6;}
-     test "$with_ssl" != "/usr" && CFLAGS="$CFLAGS -I$with_ssl/include"
--    ### In Red Hat 9, this file includes a reference to <krb5.h>, so we
--    ### force the Kerberos direcory onto the include path so it will build.
--    CFLAGS="$CFLAGS -I/usr/kerberos/include"
-     ###	OpenBSD comes with ssl headers
-   else
-     { { echo "$as_me:$LINENO: error: SSL support enabled, but OpenSSL not found" >&5

package/fetchmail/patches/patch-configure_ac

@@ -0,0 +1,10 @@
+--- fetchmail-6.3.26.orig/configure.ac	2013-04-23 22:51:10.000000000 +0200
++++ fetchmail-6.3.26/configure.ac	2016-09-29 16:00:20.683625569 +0200
+@@ -803,6 +803,7 @@ fi
+ 
+ case "$LIBS" in *-lssl*)
+ 	AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
++	AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
+ 	;;
+ esac
+ 

package/fetchmail/patches/patch-fetchmail_c

@@ -0,0 +1,15 @@
+--- fetchmail-6.3.26.orig/fetchmail.c	2013-04-23 22:00:45.000000000 +0200
++++ fetchmail-6.3.26/fetchmail.c	2016-09-29 16:00:20.683625569 +0200
+@@ -263,6 +263,12 @@ int main(int argc, char **argv)
+ #ifdef SSL_ENABLE
+ 	"+SSL"
+ #endif
++#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
++	"-SSLv2"
++#endif
++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
++	"-SSLv3"
++#endif
+ #ifdef OPIE_ENABLE
+ 	"+OPIE"
+ #endif /* OPIE_ENABLE */

package/fetchmail/patches/patch-socket_c

@@ -0,0 +1,20 @@
+--- fetchmail-6.3.26.orig/socket.c	2013-04-23 22:00:45.000000000 +0200
++++ fetchmail-6.3.26/socket.c	2016-09-29 16:00:20.683625569 +0200
+@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char
+ #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
+ 			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+ #else
+-			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
++			report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
+ 			return -1;
+ #endif
+ 		} else if(!strcasecmp("ssl3",myproto)) {
++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
+ 			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
++#else
++			report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
++			return -1;
++#endif
+ 		} else if(!strcasecmp("tls1",myproto)) {
+ 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
+ 		} else if (!strcasecmp("ssl23",myproto)) {

package/freeradius-client/Makefile

@@ -9,18 +9,11 @@ PKG_RELEASE:=		2
 PKG_HASH:=		478bfb7ec00789af150acf6a231bc9b0731d06353c7fe36a8fd6d4d83e42a07f
 PKG_DESCR:=		radius client
 PKG_SECTION:=		net/radius
-PKG_DEPENDS:=		libfreeradius-client
+PKG_DEPENDS:=		libfreeradius-client libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		http://www.freeradius.org/
 PKG_SITES:=		ftp://ftp.freeradius.org/pub/radius/
 
-PKG_CHOICES_FREERADIUS_CLIENT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 PKG_SUBPKGS:=		FREERADIUS_CLIENT LIBFREERADIUS_CLIENT

package/freeradius-server/Makefile

@@ -9,20 +9,12 @@ PKG_RELEASE:=		1
 PKG_HASH:=		b97b72915315f2dcd34001af2c1737947f91ad9104a40408b92b030356e25d59
 PKG_DESCR:=		flexible radius server
 PKG_SECTION:=		net/radius
-PKG_DEPENDS:=		libltdl libpcre libtalloc
-PKG_BUILDDEP:=		libtool pcre talloc
+PKG_DEPENDS:=		libltdl libpcre libtalloc libressl
+PKG_BUILDDEP:=		libtool pcre talloc libressl
 PKG_NEEDS:=		threads
 PKG_URL:=		http://www.freeradius.org/
 PKG_SITES:=		ftp://ftp.freeradius.org/pub/radius/
 
-PKG_CHOICES_FREERADIUS_SERVER:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 PKG_SUBPKGS:=		FREERADIUS_SERVER FREERADIUS_DEMOCERTS FREERADIUS_MOD_CHAP FREERADIUS_MOD_DETAIL

package/freeswitch/Makefile

@@ -10,20 +10,12 @@ PKG_HASH:=		b7beaaac29dc0a58cc34cfd402bf1c7e8ca06975722fd8ddb2983cbed17dd6e4
 PKG_DESCR:=		cross-platform telephony platform
 PKG_SECTION:=		net/voip
 PKG_DEPENDS:=		libpcre libcurl zlib libjpeg-turbo libsqlite
+PKG_DEPENDS+=		libressl
 PKG_BUILDDEP:=		util-linux zlib libjpeg-turbo sqlite curl pcre
-PKG_BUILDDEP+=		speex
+PKG_BUILDDEP+=		speex libressl
 PKG_URL:=		http://www.freeswitch.org/
 PKG_SITES:=		http://files.freeswitch.org/freeswitch-releases/
 
-PKG_CHOICES_FREESWITCH:=WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,FREESWITCH,freeswitch,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))

package/git/Makefile

@@ -9,20 +9,12 @@ PKG_RELEASE:=		1
 PKG_HASH:=		c73364ac00ae85ffc6cfb12ca2700bb0edf30f63262be97be4039be594ff29e7
 PKG_DESCR:=		fast version control system
 PKG_SECTION:=		dev/scm
-PKG_BUILDDEP:=		curl expat
-PKG_DEPENDS:=		libcurl libexpat
+PKG_BUILDDEP:=		curl expat libressl
+PKG_DEPENDS:=		libcurl libexpat libressl
 PKG_NEEDS:=		threads rt
 PKG_URL:=		http://git-scm.com/
 PKG_SITES:=		https://www.kernel.org/pub/software/scm/git/
 
-PKG_CHOICES_GIT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,GIT,git,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/hostapd/Makefile

@@ -17,10 +17,7 @@ PKG_SITES:=		http://hostap.epitest.fi/releases/
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 PKG_SUBPKGS:=		HOSTAPD HOSTAPD_UTILS
-PKG_CHOICES_HOSTAPD:=	WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl
-PKGCB_WITH_OPENSSL:=	openssl
+PKG_CHOICES_HOSTAPD:=	WITH_LIBRESSL WITH_GNUTLS
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCS_WITH_LIBRESSL:=	libressl
 PKGCB_WITH_LIBRESSL:=	libressl

package/httping/Makefile

@@ -9,18 +9,12 @@ PKG_RELEASE:=		1
 PKG_HASH:=		dab59f02b08bfbbc978c005bb16d2db6fe21e1fc841fde96af3d497ddfc82084
 PKG_DESCR:=		like ping but for http-requests
 PKG_SECTION:=		net/http
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_SITES:=		http://www.vanheusden.com/httping/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tgz
 
-PKG_CHOICES_HTTPING:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,HTTPING,httping,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/ipsec-tools/Makefile

@@ -9,21 +9,14 @@ PKG_RELEASE:=		2
 PKG_HASH:=		8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d
 PKG_DESCR:=		ipsec management tools
 PKG_SECTION:=		net/security
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		flex libressl
 PKG_KDEPENDS:=		net-key
-PKG_BUILDDEP:=		flex
 PKG_URL:=		http://ipsec-tools.sourceforge.net/
 PKG_SITES:=		$(MASTER_SITE_SOURCEFORGE:=ipsec-tools/)
 
 DISTFILES:=		$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 
-PKG_CHOICES_IPSEC_TOOLS:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 PKG_FLAVOURS_IPSEC_TOOLS:=	WITH_IPV6
 PKGFD_WITH_IPV6:=		enable ipv6 support
 

package/irssi/Makefile

@@ -14,14 +14,11 @@ PKG_BUILDDEP:=		glib ncurses
 PKG_URL:=		http://www.irssi.org/
 PKG_SITES:=		https://github.com/irssi/irssi/releases/download/$(PKG_VERSION)/
 
-PKG_CHOICES_IRSSI:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_IRSSI:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 PKG_FLAVOURS_IRSSI:=	WITH_IPV6
 PKGFD_WITH_IPV6:=	enable ipv6 support

package/kodi/Makefile

@@ -9,7 +9,7 @@ PKG_RELEASE:=		1
 PKG_HASH:=		7d82c8aff2715c83deecdf10c566e26105bec0473af530a1356d4c747ebdfd10
 PKG_DESCR:=		software media player
 PKG_SECTION:=		mm/video
-PKG_DEPENDS:=		boost python2 libsquish libbluray
+PKG_DEPENDS:=		boost python2 libsquish libbluray libressl
 PKG_DEPENDS+=		libass libmpeg2 libmad libdbus libglew mesa
 PKG_DEPENDS+=		libjpeg-turbo libogg libvorbis libmodplug libcurl
 PKG_DEPENDS+=		libflac libbz2 libtiff liblzo libnettle librtmp
@@ -27,7 +27,7 @@ PKG_BUILDDEP+=		eudev alsa-lib glib glu libmodplug libgtk2
 PKG_BUILDDEP+=		libgpg-error dbus libxslt libvorbis libbluray
 PKG_BUILDDEP+=		swig-host liblzo-host libpng-host libjpeg-turbo-host
 PKG_BUILDDEP+=		zip-host unzip-host giflib-host libsquish libdcadec
-PKG_BUILDDEP+=		libcrossguid
+PKG_BUILDDEP+=		libcrossguid libressl
 PKG_NEEDS:=		threads rt c++
 PKG_URL:=		http://kodi.tv/
 PKG_SITES:=		https://github.com/xbmc/xbmc/archive/
@@ -37,14 +37,6 @@ PKG_CFLINE_KODI:=	select ADK_PACKAGE_GPU_VIV_BIN_MX6Q if ADK_TARGET_SYSTEM_SOLID
 DISTFILES:=		$(PKG_VERSION)-Jarvis.tar.gz
 WRKDIST=		${WRKDIR}/xbmc-$(PKG_VERSION)-Jarvis
 
-PKG_CHOICES_KODI:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCB_WITH_LIBRESSL:=	libressl
-
 PKG_FLAVOURS_KODI:=	WITH_SMB WITH_NFS WITH_SSH WITH_AVAHI WITH_CEC 
 PKG_FLAVOURS_KODI+=	WITH_WEBSERVER WITH_LIRC
 

package/lftp/Makefile

@@ -16,17 +16,14 @@ PKG_NEEDS:=		c++
 PKG_URL:=		http://lftp.yar.ru/
 PKG_SITES:=		http://lftp.yar.ru/ftp/
 
-PKG_CHOICES_LFTP:=	WITHOUT_SSL WITH_GNUTLS WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-PKGCB_WITH_OPENSSL:=	openssl
+PKG_CHOICES_LFTP:=	WITH_LIBRESSL WITH_GNUTLS WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCD_WITH_GNUTLS:=	use gnutls for crypto
 PKGCS_WITH_GNUTLS:=	libgnutls ca-certificates
 PKGCB_WITH_GNUTLS:=	gnutls
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include $(ADK_TOPDIR)/mk/package.mk
 
@@ -44,10 +41,6 @@ ifeq (${ADK_PACKAGE_LFTP_WITH_GNUTLS},y)
 CONFIGURE_ARGS+=	--without-openssl \
 			--with-gnutls
 endif
-ifeq (${ADK_PACKAGE_LFTP_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--with-openssl="$(STAGING_TARGET_DIR)/usr" \
-			--without-gnutls
-endif
 ifeq (${ADK_PACKAGE_LFTP_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-openssl="$(STAGING_TARGET_DIR)/usr" \
 			--without-gnutls

package/libesmtp/Makefile

@@ -15,14 +15,11 @@ PKG_OPTS:=		dev
 
 DISTFILES:=             ${PKG_NAME}-${PKG_VERSION}.tar.bz2
 
-PKG_CHOICES_LIBESMTP:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_LIBESMTP:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCS_WITH_LIBRESSL:=	libressl
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include $(ADK_TOPDIR)/mk/package.mk
 
@@ -30,9 +27,6 @@ $(eval $(call PKG_template,LIBESMTP,libesmtp,$(PKG_VERSION)-${PKG_RELEASE},${PKG
 
 AUTOTOOL_STYLE:=	autoreconf
 
-ifeq (${ADK_PACKAGE_LIBESMTP_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--with-openssl
-endif
 ifeq (${ADK_PACKAGE_LIBESMTP_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-openssl
 endif

package/libp11/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		a4121015503ade98074b5e2a2517fc8a139f8b28aed10021db2bb77283f40691
 PKG_DESCR:=		library implementing a small layer on top of pkcs11 api
 PKG_SECTION:=		libs/crypto
-PKG_DEPENDS:=		libltdl
-PKG_BUILDDEP:=		libtool
+PKG_DEPENDS:=		libltdl libressl
+PKG_BUILDDEP:=		libtool libressl
 PKG_URL:=		https://github.com/OpenSC/libp11/wiki
 PKG_SITES:=		http://sourceforge.net/projects/opensc/files/libp11/
 PKG_OPTS:=		dev
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_LIBP11:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,LIBP11,libp11,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))

package/libssh/Makefile

@@ -9,20 +9,12 @@ PKG_RELEASE:=		1
 PKG_HASH:=		26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98
 PKG_DESCR:=		secure shell library
 PKG_SECTION:=		libs/crypto
-PKG_DEPENDS:=		zlib
-PKG_BUILDDEP:=		cmake-host zlib
+PKG_DEPENDS:=		zlib libressl
+PKG_BUILDDEP:=		cmake-host zlib libressl
 PKG_URL:=		http://www.libssh.org/
 PKG_SITES:=		https://red.libssh.org/attachments/download/195/
 PKG_OPTS:=		dev
 
-PKG_CHOICES_LIBSSH:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl
-PKGCB_WITH_OPENSSL:=	openssl
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,LIBSSH,libssh,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION),$(PKG_OPTS)))

package/libssh2/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		e4561fd43a50539a8c2ceb37841691baf03ecb7daf043766da1b112e4280d584
 PKG_DESCR:=		client-side c library implementing ssh2 protocol
 PKG_SECTION:=		libs/crypto
-PKG_BUILDDEP:=		zlib
-PKG_DEPENDS:=		zlib
+PKG_BUILDDEP:=		zlib libressl
+PKG_DEPENDS:=		zlib libressl
 PKG_URL:=		http://www.libssh2.org/
 PKG_SITES:=		http://www.libssh2.org/download/
 PKG_OPTS:=		dev
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_LIBSSH2:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,LIBSSH2,libssh2,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))

package/libtorrent/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		2838a08c96edfd936aff8fbf99ecbb930c2bfca3337dd1482eb5fccdb80d5a04
 PKG_DESCR:=		bittorrent library
 PKG_SECTION:=		libs/net
-PKG_DEPENDS:=		libsigc++ zlib
-PKG_BUILDDEP:=		libsigc++ zlib gettext-tiny
+PKG_DEPENDS:=		libsigc++ zlib libressl
+PKG_BUILDDEP:=		libsigc++ zlib libressl gettext-tiny
 PKG_URL:=		https://rakshasa.github.io/rtorrent/
 PKG_SITES:=		http://rtorrent.net/downloads/
 PKG_OPTS:=		dev
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_LIBTORRENT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,LIBTORRENT,libtorrent,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))

package/lighttpd/Makefile

@@ -15,14 +15,11 @@ PKG_SITES:=		http://download.lighttpd.net/lighttpd/releases-1.4.x/
 PKG_FLAVOURS_LIGHTTPD:=	WITH_IPV6
 PKGFD_WITH_IPV6:=	enable ipv6 support
 
-PKG_CHOICES_LIGHTTPD:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_LIGHTTPD:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 PKG_SUBPKGS:=		LIGHTTPD LIGHTTPD_MOD_ALIAS LIGHTTPD_MOD_AUTH
 PKG_SUBPKGS+=		LIGHTTPD_MOD_CGI LIGHTTPD_MOD_DIRLIST LIGHTTPD_MOD_EVASIVE LIGHTTPD_MOD_EXPIRE LIGHTTPD_MOD_FASTCGI
@@ -147,9 +144,6 @@ else
 CONFIGURE_ARGS+=	--disable-ipv6
 endif
 
-ifeq ($(ADK_PACKAGE_LIGHTTPD_WITH_OPENSSL),y)
-CONFIGURE_ARGS+=	--with-openssl
-endif
 ifeq ($(ADK_PACKAGE_LIGHTTPD_WITH_LIBRESSL),y)
 CONFIGURE_ARGS+=	--with-openssl
 endif

package/links/Makefile

@@ -16,14 +16,11 @@ PKG_SITES:=		http://links.twibright.com/download/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_LINKS:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_LINKS:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 PKG_FLAVOURS_LINKS:=	WITH_DIRECTFB
 PKGFD_WITH_DIRECTFB:=	enable DirectFB video output support

package/lynx/Makefile

@@ -9,8 +9,8 @@ PKG_RELEASE:=		2
 PKG_HASH:=		234c9dc77d4c4594ad6216d7df4d49eae3019a3880e602f39721b35b97fbc408
 PKG_DESCR:=		text browser
 PKG_SECTION:=		app/browser
-PKG_DEPENDS:=		libncurses zlib
-PKG_BUILDDEP:=		ncurses zlib
+PKG_DEPENDS:=		libncurses zlib libressl
+PKG_BUILDDEP:=		ncurses zlib libressl
 PKG_URL:=		http://lynx.isc.org/
 PKG_SITES:=		http://lynx.isc.org/${PKG_NAME}${PKG_VERSION}/
 PKG_NOPARALLEL:=	1
@@ -18,20 +18,13 @@ PKG_NOPARALLEL:=	1
 DISTFILES:=		${PKG_NAME}${PKG_VERSION}.tar.gz
 WRKDIST=		${WRKDIR}/lynx2-8-8
 
-PKG_CHOICES_LYNX:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,LYNX,lynx,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 TARGET_CPPFLAGS+=	-I${STAGING_TARGET_DIR}/include/openssl
 TARGET_CPPFLAGS+=	-DUSE_OPENSSL_INCL -DUSE_X509_SUPPORT
+
 CONFIGURE_ENV+=		ac_cv_path_TELNET=telnet \
 			ac_cv_path_TN3270=tn3270 \
 			ac_cv_path_RLOGIN=rlogin \

package/mini_httpd/Makefile

@@ -8,6 +8,8 @@ PKG_VERSION:=		1.19
 PKG_RELEASE:=		10
 PKG_HASH:=		f7f36533b1338ea16d916ea525ea7006ab38fdd3544ac7df93a4688a8e270241
 PKG_DESCR:=		small webserver with ssl
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_SECTION:=		net/http
 PKG_URL:=		http://www.acme.com/software/mini_httpd/
 PKG_SITES:=		http://www.acme.com/software/mini_httpd/
@@ -15,14 +17,6 @@ PKG_SITES:=		http://www.acme.com/software/mini_httpd/
 DISTFILES:=		mini_httpd-${PKG_VERSION}.tar.gz
 WRKDIST=		${WRKDIR}/mini_httpd-${PKG_VERSION}
 
-PKG_CHOICES_MINI_HTTPD:=WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,MINI_HTTPD,mini-httpd,${PKG_VERSION}-${PKG_RELEASE},,${PKG_DESCR},${PKG_SECTION}))

package/monit/Makefile

@@ -9,20 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		befcd54365502bce4ffd6d1b0c345d5b689c9f7cb3a35a462ba7dcffcf6f62b8
 PKG_DESCR:=		utility for system services monitoring
 PKG_SECTION:=		sys/misc
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_NEEDS:=		threads
 PKG_URL:=		http://mmonit.com/monit/
 PKG_SITES:=		https://mmonit.com/monit/dist/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_MONIT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,MONIT,monit,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/mosquitto/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		1df3ae07de40b80a74cd37a7b026895c544cdd3b42c9e0719ae91623aa98c58b
 PKG_DESCR:=		mqtt broker
 PKG_SECTION:=		net/misc
-PKG_DEPENDS:=		c-ares
-PKG_BUILDDEP:=		cmake-host c-ares
+PKG_DEPENDS:=		c-ares libressl
+PKG_BUILDDEP:=		cmake-host c-ares libressl
 PKG_NEEDS:=		threads rt
 PKG_URL:=		http://mosquitto.org
 PKG_SITES:=		http://mosquitto.org/files/source/
 
 DISTFILES:=             ${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_MOSQUITTO:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,MOSQUITTO,mosquitto,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))

package/mutt/Makefile

@@ -14,14 +14,11 @@ PKG_BUILDDEP:=		ncurses
 PKG_URL:=		http://www.mutt.org/
 PKG_SITES:=		ftp://ftp.mutt.org/pub/mutt/
 
-PKG_CHOICES_MUTT:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_MUTT:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 

package/neon/Makefile

@@ -9,8 +9,8 @@ PKG_RELEASE:=		1
 PKG_HASH:=		00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd
 PKG_DESCR:=		http and webdav library
 PKG_SECTION:=		libs/misc
-PKG_DEPENDS:=		libxml2 zlib
-PKG_BUILDDEP:=		libxml2 zlib
+PKG_DEPENDS:=		libxml2 zlib libressl
+PKG_BUILDDEP:=		libxml2 zlib libressl
 PKG_NEEDS:=		threads
 PKG_URL:=		http://webdav.org/neon/
 PKG_SITES:=		http://webdav.org/neon/
@@ -18,14 +18,6 @@ PKG_OPTS:=		dev
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_NEON:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,NEON,neon,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))

package/nginx/Makefile

@@ -17,21 +17,19 @@ PKG_SITES:=		http://nginx.org/download/
 
 DISTFILES:=		$(PKG_NAME)-$(PKG_VERSION).tar.gz
 
-PKG_CHOICES_NGINX:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_NGINX:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,NGINX,nginx,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))
 
-CONFIG_STYLE:=          minimal
 TARGET_CFLAGS+=         -fPIC
+
+CONFIG_STYLE:=          minimal
 CONFIGURE_ENV+=		ngx_force_gcc_have_atomic=yes \
 			ngx_force_have_libatomic=no
 CONFIGURE_ARGS:=        --prefix=/srv/www \
@@ -51,9 +49,6 @@ CONFIGURE_ARGS:=        --prefix=/srv/www \
 			--http-scgi-temp-path=/var/lib/nginx/uwsgi \
 			--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
 
-ifeq ($(ADK_PACKAGE_NGINX_WITH_OPENSSL),y)
-CONFIGURE_ARGS+=	--with-http_ssl_module
-endif
 ifeq ($(ADK_PACKAGE_NGINX_WITH_LIBRESSL),y)
 CONFIGURE_ARGS+=	--with-http_ssl_module
 endif

package/nut/Makefile

@@ -22,14 +22,11 @@ PKGFD_WITH_USB:=	enable usb support
 PKGFS_WITH_USB:=	libusb libusb-compat
 PKGFB_WITH_USB:=	libusb libusb-compat
 
-PKG_CHOICES_NUT:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_NUT:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/package.mk
 
@@ -87,11 +84,6 @@ CONFIGURE_ARGS+=	--with-linux-hiddev=${LINUX_DIR}/include/linux/hiddev.h \
 			--with-group=0 \
 			--with-user=0
 
-ifeq (${ADK_PACKAGE_NUT_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--with-ssl
-CONFIGURE_ENV+=		CPPFLAGS="${TARGET_CPPFLAGS} ${TARGET_LDFLAGS}"
-MAKE_FLAGS+=		SSL_CFLAGS="${TARGET_CPPFLAGS}" SSL_LDFLAGS="${TARGET_LDFLAGS} -lssl -lcrypto"
-endif
 ifeq (${ADK_PACKAGE_NUT_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-ssl
 CONFIGURE_ENV+=		CPPFLAGS="${TARGET_CPPFLAGS} ${TARGET_LDFLAGS}"

package/openldap/Makefile

@@ -9,8 +9,8 @@ PKG_RELEASE:=		1
 PKG_HASH:=		d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
 PKG_DESCR:=		ldap client libraries
 PKG_SECTION:=		libs/misc
-PKG_DEPENDS:=		libsasl2 libdb libuuid libncurses
-PKG_BUILDDEP:=		cyrus-sasl db util-linux
+PKG_DEPENDS:=		libsasl2 libdb libuuid libncurses libressl
+PKG_BUILDDEP:=		cyrus-sasl db util-linux libressl
 PKG_NEEDS:=		threads c++
 PKG_URL:=		http://www.openldap.org/
 PKG_SITES:=		ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/
@@ -19,14 +19,6 @@ PKG_OPTS:=		dev
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tgz
 
-PKG_CHOICES_CTORRENT:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 PKG_SUBPKGS:=		LIBOPENLDAP OPENLDAP_UTILS OPENLDAP_SLAPD
 PKGSD_OPENLDAP_UTILS:=	ldap utilities
 PKGSS_OPENLDAP_UTILS:=	libopenldap
@@ -44,6 +36,7 @@ $(eval $(call PKG_template,LIBOPENLDAP,libopenldap,${PKG_VERSION}-${PKG_RELEASE}
 $(eval $(call PKG_template,OPENLDAP_UTILS,openldap-utils,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_OPENLDAP_UTILS},${PKGSD_OPENLDAP_UTILS},${PKGSC_OPENLDAP_UTILS}))
 $(eval $(call PKG_template,OPENLDAP_SLAPD,openldap-slapd,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_OPENLDAP_SLAPD},${PKGSD_OPENLDAP_SLAPD},${PKGSC_OPENLDAP_SLAPD}))
 
+CONFIGURE_ENV+=		ac_cv_func_memcmp_working=yes
 CONFIGURE_ARGS+= 	--enable-slapd \
 			--libexecdir=/usr/sbin \
 			--enable-bdb \
@@ -65,7 +58,6 @@ else
 CONFIGURE_ARGS+=	--disable-ipv6
 endif
 
-CONFIGURE_ENV+=		ac_cv_func_memcmp_working=yes
 XAKE_FLAGS+=		STRIP="" CPPFLAGS="-D_GNU_SOURCE"
 
 libopenldap-install:

package/opensc/Makefile

@@ -9,8 +9,8 @@ PKG_RELEASE:=		1
 PKG_HASH:=		7c8600a37d11f82410699ee5c60bfebc46f6714d0d87b4125dd99215c87d4db8
 PKG_DESCR:=		utilities to access smart cards
 PKG_SECTION:=		app/crypto
-PKG_BUILDDEP:=		openct pcsc-lite readline
-PKG_DEPENDS:=		libopensc libopenct pcsc-lite libreadline
+PKG_BUILDDEP:=		openct pcsc-lite readline libressl
+PKG_DEPENDS:=		libopensc libopenct pcsc-lite libreadline libressl
 PKG_URL:=		https://github.com/OpenSC/OpenSC/wiki
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=opensc/}
 PKG_LIBNAME:=		libopensc
@@ -18,14 +18,6 @@ PKG_OPTS:=		dev
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_OPENSC:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 PKG_SUBPKGS:=		OPENSC LIBOPENSC
 PKGSD_LIBOPENSC:=	opensc library
 PKGSC_LIBOPENSC:=	libs/crypto

package/opensips/Makefile

@@ -9,19 +9,13 @@ PKG_RELEASE:=		1
 PKG_HASH:=		bbf31ea3544ce0d0f0aa346e9aa023f3208119f8aee34f3188329fd53a87ddc5
 PKG_DESCR:=		high-performance, configurable, free sip server
 PKG_SECTION:=		net/voip
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		http://opensips.org/
 PKG_SITES:=		http://opensips.org/pub/opensips/$(PKG_VERSION)/
 
 DISTFILES:=		$(PKG_NAME)-$(PKG_VERSION).tar.gz
 
-PKG_CHOICES_OPENSIPS:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 PKG_SUBPKGS:=		OPENSIPS OPENSIPS_MOD_ACCOUNTING OPENSIPS_MOD_AUTH
 PKG_SUBPKGS+=		OPENSIPS_MOD_AUTH_DB OPENSIPS_MOD_AVPOPS OPENSIPS_MOD_DISPATCHER
 PKG_SUBPKGS+=		OPENSIPS_MOD_DIVERSION OPENSIPS_MOD_FLATSTORE OPENSIPS_MOD_GFLAGS

package/openssh/Makefile

@@ -9,8 +9,8 @@ PKG_RELEASE:=		1
 PKG_HASH:=		3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
 PKG_DESCR:=		secure shell implementation
 PKG_SECTION:=		net/security
-PKG_BUILDDEP:=		zlib
-PKG_DEPENDS:=		zlib
+PKG_BUILDDEP:=		zlib libressl
+PKG_DEPENDS:=		zlib libressl
 PKG_NEEDS:=		threads
 PKG_URL:=		http://www.openssh.com/
 PKG_SITES:=		http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
@@ -36,14 +36,6 @@ PKGFD_WITH_KRB5:=	enable kerberos 5 support
 PKGFS_WITH_KRB5:=	libkrb5 libcom-err
 PKGFB_WITH_KRB5:=	krb5
 
-PKG_CHOICES_OPENSSH:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	with libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	with openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-PKGCB_WITH_OPENSSL:=	openssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,OPENSSH,openssh,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/openssl/Makefile

@@ -1,130 +0,0 @@
-# This file is part of the OpenADK project. OpenADK is copyrighted
-# material, please see the LICENCE file in the top-level directory.
-
-include ${ADK_TOPDIR}/rules.mk
-
-PKG_NAME:=		openssl
-PKG_VERSION:=		1.0.2j
-PKG_RELEASE:=		1
-PKG_HASH:=		e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
-PKG_DESCR:=		secure socket layer libraries
-PKG_SECTION:=		libs/crypto
-PKG_DEPENDS:=		zlib
-PKG_BUILDDEP:=		zlib
-PKG_URL:=		http://www.openssl.org/
-PKG_SITES:=		http://www.openssl.org/source/
-PKG_LIBNAME:=		libopenssl
-PKG_OPTS:=		dev
-PKG_NOPARALLEL:=	1
-
-DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
-
-PKG_SUBPKGS:=		LIBOPENSSL OPENSSL_UTIL
-PKGSD_OPENSSL_UTIL:=	openssl command line tool
-PKGSC_OPENSSL_UTIL:=	app/crypto
-PKGSS_OPENSSL_UTIL:=	libopenssl
-
-PKG_FLAVOURS_LIBOPENSSL:=	WITH_CRYPTODEV
-PKGFD_WITH_CRYPTODEV:=		enable support for cryptodev-linux
-
-include ${ADK_TOPDIR}/mk/host.mk
-include ${ADK_TOPDIR}/mk/package.mk
-
-$(eval $(call HOST_template,OPENSSL,openssl,${PKG_VERSION}-${PKG_RELEASE}))
-$(eval $(call PKG_template,LIBOPENSSL,libopenssl,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},$(PKG_OPTS)))
-$(eval $(call PKG_template,OPENSSL_UTIL,openssl-util,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_OPENSSL_UTIL},${PKGSD_OPENSSL_UTIL},${PKGSC_OPENSSL_UTIL}))
-
-ifeq ($(ADK_TARGET_USE_STATIC_LIBS),y)
-OPENSSL_OPTIONS:=	no-shared zlib no-dso
-else
-OPENSSL_OPTIONS:=	shared zlib-dynamic
-ALL_TARGET+=		build-shared
-TARGET_CFLAGS+=		-ldl
-endif
-
-OPENSSL_OPTIONS+= threads no-err no-krb5 no-engines no-rc5 no-sha0 no-smime no-aes192
-
-HOST_STYLE:=		manual
-CONFIG_STYLE:=		manual
-BUILD_STYLE:=		manual
-
-INSTALL_TARGET:=	install_sw
-FAKE_FLAGS+=		INSTALL_PREFIX=${WRKINST}
-
-ifneq ($(ADK_PACKAGE_LIBOPENSSL_WITH_CRYPTODEV),)
-OPENSSL_OPTIONS+= -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
-endif
-
-ifeq ($(ADK_TARGET_ARCH_MICROBLAZE),y)
-TARGET_CFLAGS:=		$(subst g3,g,$(TARGET_CFLAGS))
-endif
-ifeq ($(ADK_TARGET_ARCH_XTENSA),y)
-TARGET_CFLAGS:=		$(subst g3,g,$(TARGET_CFLAGS))
-endif
-ifeq ($(ADK_TARGET_ARCH_PPC),y)
-TARGET_CFLAGS:=		$(subst g3,g,$(TARGET_CFLAGS))
-endif
-
-CONFIG:=		linux-generic32
-ifeq ($(ADK_TARGET_ARCH_X86_64),y)
-CONFIG:=		linux-x86_64
-endif
-
-ifneq (,$(filter CYGWIN%,${OS_FOR_BUILD}))
-HOSTCONFIG:=		Cygwin-x86_64
-endif
-ifeq ($(OS_FOR_BUILD),Darwin)
-HOSTCONFIG:=		darwin64-x86_64-cc
-endif
-
-host-configure:
-ifeq ($(HOSTCONFIG),)
-	(cd $(WRKBUILD); ./config --prefix='$(STAGING_HOST_DIR)/usr' -fPIC -ldl)
-else
-	(cd $(WRKBUILD); ./Configure $(HOSTCONFIG) --prefix='$(STAGING_HOST_DIR)/usr')
-endif
-
-host-build:
-	(cd $(WRKBUILD); make)
-
-openssl-hostinstall:
-	(cd $(WRKBUILD); make install)
-
-post-extract:
-	-mkdir -p $(STAGING_TARGET_DIR)/usr/include/crypto
-	$(CP) ./files/cryptodev.h $(STAGING_TARGET_DIR)/usr/include/crypto/
-
-do-configure:
-	(cd $(WRKBUILD); \
-		PATH='$(TARGET_PATH)' \
-		./Configure $(CONFIG) \
-		  --prefix=/usr \
-		  --openssldir=/etc/ssl \
-		  -I$(STAGING_TARGET_DIR)/usr/include \
-		  -L$(STAGING_TARGET_DIR)/usr/lib \
-		  -DOPENSSL_SMALL_FOOTPRINT \
-		  $(OPENSSL_OPTIONS) \
-	);
-	$(SED) "s:-O[0-9]:$(TARGET_CFLAGS) -fPIC:" $(WRKBUILD)/Makefile
-
-do-build:
-	$(MAKE) -C $(WRKBUILD) \
-		CC="$(TARGET_CC)" \
-		AR="$(TARGET_CROSS)ar r" \
-		RANLIB="$(TARGET_CROSS)ranlib" \
-		$(ALL_TARGET)
-
-libopenssl-install:
-	${INSTALL_DIR} ${IDIR_LIBOPENSSL}/usr/lib
-	${CP} ${WRKINST}/usr/lib*/lib*.so* ${IDIR_LIBOPENSSL}/usr/lib
-	chmod 644 ${IDIR_LIBOPENSSL}/usr/lib/lib*.so*
-
-openssl-util-install:
-	${INSTALL_DIR} ${IDIR_OPENSSL_UTIL}/usr/bin
-	${CP} ${WRKINST}/usr/bin/openssl ${IDIR_OPENSSL_UTIL}/usr/bin
-	${INSTALL_DIR} ${IDIR_OPENSSL_UTIL}/etc/ssl/{,certs,private}
-	${CP} ${WRKSRC}/apps/openssl.cnf ${IDIR_OPENSSL_UTIL}/etc/ssl/
-	chmod 0700 ${IDIR_OPENSSL_UTIL}/etc/ssl/private
-
-include ${ADK_TOPDIR}/mk/host-bottom.mk
-include ${ADK_TOPDIR}/mk/pkg-bottom.mk

package/openssl/files/cryptodev.h

@@ -1,288 +0,0 @@
-/* This is a source compatible implementation with the original API of
- * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
- * Placed under public domain */
-
-#ifndef L_CRYPTODEV_H
-#define L_CRYPTODEV_H
-
-#include <linux/types.h>
-#ifndef __KERNEL__
-#define __user
-#endif
-
-/* API extensions for linux */
-#define CRYPTO_HMAC_MAX_KEY_LEN		512
-#define CRYPTO_CIPHER_MAX_KEY_LEN	64
-
-/* All the supported algorithms
- */
-enum cryptodev_crypto_op_t {
-	CRYPTO_DES_CBC = 1,
-	CRYPTO_3DES_CBC = 2,
-	CRYPTO_BLF_CBC = 3,
-	CRYPTO_CAST_CBC = 4,
-	CRYPTO_SKIPJACK_CBC = 5,
-	CRYPTO_MD5_HMAC = 6,
-	CRYPTO_SHA1_HMAC = 7,
-	CRYPTO_RIPEMD160_HMAC = 8,
-	CRYPTO_MD5_KPDK = 9,
-	CRYPTO_SHA1_KPDK = 10,
-	CRYPTO_RIJNDAEL128_CBC = 11,
-	CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
-	CRYPTO_ARC4 = 12,
-	CRYPTO_MD5 = 13,
-	CRYPTO_SHA1 = 14,
-	CRYPTO_DEFLATE_COMP = 15,
-	CRYPTO_NULL = 16,
-	CRYPTO_LZS_COMP = 17,
-	CRYPTO_SHA2_256_HMAC = 18,
-	CRYPTO_SHA2_384_HMAC = 19,
-	CRYPTO_SHA2_512_HMAC = 20,
-	CRYPTO_AES_CTR = 21,
-	CRYPTO_AES_XTS = 22,
-	CRYPTO_AES_ECB = 23,
-	CRYPTO_AES_GCM = 50,
-
-	CRYPTO_CAMELLIA_CBC = 101,
-	CRYPTO_RIPEMD160,
-	CRYPTO_SHA2_256,
-	CRYPTO_SHA2_384,
-	CRYPTO_SHA2_512,
-	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
-};
-
-#define	CRYPTO_ALGORITHM_MAX	(CRYPTO_ALGORITHM_ALL - 1)
-
-/* Values for ciphers */
-#define DES_BLOCK_LEN		8
-#define DES3_BLOCK_LEN		8
-#define RIJNDAEL128_BLOCK_LEN	16
-#define AES_BLOCK_LEN		RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN      16
-#define BLOWFISH_BLOCK_LEN	8
-#define SKIPJACK_BLOCK_LEN	8
-#define CAST128_BLOCK_LEN	8
-
-/* the maximum of the above */
-#define EALG_MAX_BLOCK_LEN	16
-
-/* Values for hashes/MAC */
-#define AALG_MAX_RESULT_LEN		64
-
-/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
-#define CRYPTODEV_MAX_ALG_NAME		64
-
-#define HASH_MAX_LEN 64
-
-/* input of CIOCGSESSION */
-struct session_op {
-	/* Specify either cipher or mac
-	 */
-	__u32	cipher;		/* cryptodev_crypto_op_t */
-	__u32	mac;		/* cryptodev_crypto_op_t */
-
-	__u32	keylen;
-	__u8	__user *key;
-	__u32	mackeylen;
-	__u8	__user *mackey;
-
-	__u32	ses;		/* session identifier */
-};
-
-struct session_info_op {
-	__u32 ses;		/* session identifier */
-
-	/* verbose names for the requested ciphers */
-	struct alg_info {
-		char cra_name[CRYPTODEV_MAX_ALG_NAME];
-		char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
-	} cipher_info, hash_info;
-
-	__u16	alignmask;	/* alignment constraints */
-	__u32   flags;          /* SIOP_FLAGS_* */
-};
-
-/* If this flag is set then this algorithm uses
- * a driver only available in kernel (software drivers,
- * or drivers based on instruction sets do not set this flag).
- *
- * If multiple algorithms are involved (as in AEAD case), then
- * if one of them is kernel-driver-only this flag will be set.
- */
-#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
-
-#define	COP_ENCRYPT	0
-#define COP_DECRYPT	1
-
-/* input of CIOCCRYPT */
-struct crypt_op {
-	__u32	ses;		/* session identifier */
-	__u16	op;		/* COP_ENCRYPT or COP_DECRYPT */
-	__u16	flags;		/* see COP_FLAG_* */
-	__u32	len;		/* length of source data */
-	__u8	__user *src;	/* source data */
-	__u8	__user *dst;	/* pointer to output data */
-	/* pointer to output data for hash/MAC operations */
-	__u8	__user *mac;
-	/* initialization vector for encryption operations */
-	__u8	__user *iv;
-};
-
-/* input of CIOCAUTHCRYPT */
-struct crypt_auth_op {
-	__u32	ses;		/* session identifier */
-	__u16	op;		/* COP_ENCRYPT or COP_DECRYPT */
-	__u16	flags;		/* see COP_FLAG_AEAD_* */
-	__u32	len;		/* length of source data */
-	__u32	auth_len;	/* length of auth data */
-	__u8	__user *auth_src;	/* authenticated-only data */
-
-	/* The current implementation is more efficient if data are
-	 * encrypted in-place (src==dst). */
-	__u8	__user *src;	/* data to be encrypted and authenticated */
-	__u8	__user *dst;	/* pointer to output data. Must have
-	                         * space for tag. For TLS this should be at least 
-	                         * len + tag_size + block_size for padding */
-
-	__u8    __user *tag;    /* where the tag will be copied to. TLS mode
-                                 * doesn't use that as tag is copied to dst.
-                                 * SRTP mode copies tag there. */
-	__u32	tag_len;	/* the length of the tag. Use zero for digest size or max tag. */
-
-	/* initialization vector for encryption operations */
-	__u8	__user *iv;
-	__u32   iv_len;
-};
-
-/* In plain AEAD mode the following are required:
- *  flags   : 0
- *  iv      : the initialization vector (12 bytes)
- *  auth_len: the length of the data to be authenticated
- *  auth_src: the data to be authenticated
- *  len     : length of data to be encrypted
- *  src     : the data to be encrypted
- *  dst     : space to hold encrypted data. It must have
- *            at least a size of len + tag_size.
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the maximum tag output.
- *
- * Note tag isn't being used because the Linux AEAD interface
- * copies the tag just after data.
- */
-
-/* In TLS mode (used for CBC ciphers that required padding) 
- * the following are required:
- *  flags   : COP_FLAG_AEAD_TLS_TYPE
- *  iv      : the initialization vector
- *  auth_len: the length of the data to be authenticated only
- *  len     : length of data to be encrypted
- *  auth_src: the data to be authenticated
- *  src     : the data to be encrypted
- *  dst     : space to hold encrypted data (preferably in-place). It must have
- *            at least a size of len + tag_size + blocksize.
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the default mac output.
- *
- * Note that the padding used is the minimum padding.
- */
-
-/* In SRTP mode the following are required:
- *  flags   : COP_FLAG_AEAD_SRTP_TYPE
- *  iv      : the initialization vector
- *  auth_len: the length of the data to be authenticated. This must
- *            include the SRTP header + SRTP payload (data to be encrypted) + rest
- *            
- *  len     : length of data to be encrypted
- *  auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
- *  src     : pointer to the data to be encrypted.
- *  dst     : This is mandatory to be the same as src (in-place only).
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the default mac output.
- *  tag     : Pointer to an address where the authentication tag will be copied.
- */
-
-
-/* struct crypt_op flags */
-
-#define COP_FLAG_NONE		(0 << 0) /* totally no flag */
-#define COP_FLAG_UPDATE		(1 << 0) /* multi-update hash mode */
-#define COP_FLAG_FINAL		(1 << 1) /* multi-update final hash mode */
-#define COP_FLAG_WRITE_IV	(1 << 2) /* update the IV during operation */
-#define COP_FLAG_NO_ZC		(1 << 3) /* do not zero-copy */
-#define COP_FLAG_AEAD_TLS_TYPE  (1 << 4) /* authenticate and encrypt using the 
-                                          * TLS protocol rules */
-#define COP_FLAG_AEAD_SRTP_TYPE  (1 << 5) /* authenticate and encrypt using the 
-                                           * SRTP protocol rules */
-#define COP_FLAG_RESET		(1 << 6) /* multi-update reset the state.
-                                          * should be used in combination
-                                          * with COP_FLAG_UPDATE */
-
-
-/* Stuff for bignum arithmetic and public key
- * cryptography - not supported yet by linux
- * cryptodev.
- */
-
-#define	CRYPTO_ALG_FLAG_SUPPORTED	1
-#define	CRYPTO_ALG_FLAG_RNG_ENABLE	2
-#define	CRYPTO_ALG_FLAG_DSA_SHA		4
-
-struct crparam {
-	__u8	*crp_p;
-	__u32	crp_nbits;
-};
-
-#define CRK_MAXPARAM	8
-
-/* input of CIOCKEY */
-struct crypt_kop {
-	__u32	crk_op;		/* cryptodev_crk_ot_t */
-	__u32	crk_status;
-	__u16	crk_iparams;
-	__u16	crk_oparams;
-	__u32	crk_pad1;
-	struct crparam	crk_param[CRK_MAXPARAM];
-};
-
-enum cryptodev_crk_op_t {
-	CRK_MOD_EXP = 0,
-	CRK_MOD_EXP_CRT = 1,
-	CRK_DSA_SIGN = 2,
-	CRK_DSA_VERIFY = 3,
-	CRK_DH_COMPUTE_KEY = 4,
-	CRK_ALGORITHM_ALL
-};
-
-#define CRK_ALGORITHM_MAX	(CRK_ALGORITHM_ALL-1)
-
-/* features to be queried with CIOCASYMFEAT ioctl
- */
-#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
-
-
-/* ioctl's. Compatible with old linux cryptodev.h
- */
-#define CRIOGET         _IOWR('c', 101, __u32)
-#define CIOCGSESSION    _IOWR('c', 102, struct session_op)
-#define CIOCFSESSION    _IOW('c', 103, __u32)
-#define CIOCCRYPT       _IOWR('c', 104, struct crypt_op)
-#define CIOCKEY         _IOWR('c', 105, struct crypt_kop)
-#define CIOCASYMFEAT    _IOR('c', 106, __u32)
-#define CIOCGSESSINFO	_IOWR('c', 107, struct session_info_op)
-
-/* to indicate that CRIOGET is not required in linux
- */
-#define CRIOGET_NOT_NEEDED 1
-
-/* additional ioctls for asynchronous  operation */
-#define CIOCASYNCCRYPT    _IOW('c', 107, struct crypt_op)
-#define CIOCASYNCFETCH    _IOR('c', 108, struct crypt_op)
-
-/* additional ioctls for AEAD */
-#define CIOCAUTHCRYPT   _IOWR('c', 109, struct crypt_auth_op)
-
-#endif /* L_CRYPTODEV_H */

package/openssl/files/openssl-util.conffiles

@@ -1 +0,0 @@
-/etc/ssl/openssl.cnf

package/openssl/patches/patch-Configure

@@ -1,11 +0,0 @@
---- openssl-1.0.2c.orig/Configure	2015-06-12 16:51:21.000000000 +0200
-+++ openssl-1.0.2c/Configure	2015-06-13 19:55:08.000000000 +0200
-@@ -365,7 +365,7 @@ my %table=(
- ####
- # *-generic* is endian-neutral target, but ./config is free to
- # throw in -D[BL]_ENDIAN, whichever appropriate...
--"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
- #######################################################################

package/openssl/patches/patch-Makefile_org

@@ -1,20 +0,0 @@
---- openssl-1.0.2c.orig/Makefile.org	2015-06-12 16:51:21.000000000 +0200
-+++ openssl-1.0.2c/Makefile.org	2015-06-13 19:48:43.000000000 +0200
-@@ -136,7 +136,7 @@ FIPSCANLIB=
- 
- BASEADDR=
- 
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
-@@ -526,7 +526,7 @@ dist:
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
- 
--install: all install_docs install_sw
-+install: all install_sw
- 
- install_sw:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \

package/openssl/patches/patch-Makefile_shared

@@ -1,18 +0,0 @@
---- openssl-1.0.0a.orig/Makefile.shared	2009-10-16 01:44:11.000000000 +0200
-+++ openssl-1.0.0a/Makefile.shared	2010-07-09 16:19:54.623017943 +0200
-@@ -95,7 +95,6 @@ LINK_APP=	\
-     LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
--    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
- 
- LINK_SO=	\
-@@ -105,7 +104,6 @@ LINK_SO=	\
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
--    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
- 	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \

package/openssl/patches/patch-tools_c_rehash

@@ -1,13 +0,0 @@
---- openssl-1.0.2a.orig/tools/c_rehash	2015-03-19 14:31:17.000000000 +0100
-+++ openssl-1.0.2a/tools/c_rehash	2015-04-06 10:52:37.395255700 +0200
-@@ -3,8 +3,8 @@
- # Perl c_rehash script, scan all files in a directory
- # and add symbolic links to their hash values.
- 
--my $dir = "/usr/local/ssl";
--my $prefix = "/usr/local/ssl";
-+my $dir = "/etc/ssl";
-+my $prefix = "/usr";
- 
- my $openssl = $ENV{OPENSSL} || "openssl";
- my $pwd;

package/openssl/patches/patch-util_shlib_wrap_sh

@@ -1,16 +0,0 @@
---- openssl-1.0.0a.orig/util/shlib_wrap.sh	2009-11-15 20:06:21.000000000 +0100
-+++ openssl-1.0.0a/util/shlib_wrap.sh	2010-07-09 16:19:21.211017427 +0200
-@@ -57,11 +57,10 @@ SunOS|IRIX*)
- 	eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var
- 	unset rld_var
- 	;;
--*)	LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"	# Linux, ELF HP-UX
--	DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH"	# MacOS X
-+*)	DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH"	# MacOS X
- 	SHLIB_PATH="${THERE}:$SHLIB_PATH"		# legacy HP-UX
- 	LIBPATH="${THERE}:$LIBPATH"			# AIX, OS/2
--	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
-+	export DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
- 	# Even though $PATH is adjusted [for Windows sake], it doesn't
- 	# necessarily does the trick. Trouble is that with introduction
- 	# of SafeDllSearchMode in XP/2003 it's more appropriate to copy

package/openssl/src/crypto/engine/eng_cryptodev.c

@@ -1,1496 +0,0 @@
-/*
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
- * Copyright (c) 2012 Nikos Mavrogiannopoulos
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-	(defined(OpenBSD) || defined(__FreeBSD__))
-#include <sys/param.h>
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
-#  define HAVE_CRYPTODEV
-# endif
-# if (OpenBSD >= 200110)
-#  define HAVE_SYSLOG_R
-# endif
-#endif
-
-#ifndef HAVE_CRYPTODEV
-
-void
-ENGINE_load_cryptodev(void)
-{
-	/* This is a NOP on platforms without /dev/crypto */
-	return;
-}
-
-#else 
- 
-#include <sys/types.h>
-#include <crypto/cryptodev.h>
-#include <crypto/dh/dh.h>
-#include <crypto/dsa/dsa.h>
-#include <crypto/err/err.h>
-#include <crypto/rsa/rsa.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-
-struct dev_crypto_state {
-	struct session_op d_sess;
-	int d_fd;
-
-#ifdef USE_CRYPTODEV_DIGESTS
-	unsigned char digest_res[64];
-	char *mac_data;
-	int mac_len;
-#endif
-};
-
-static u_int32_t cryptodev_asymfeat = 0;
-
-static int get_asym_dev_crypto(void);
-static int open_dev_crypto(void);
-static int get_dev_crypto(void);
-static int get_cryptodev_ciphers(const int **cnids);
-#ifdef USE_CRYPTODEV_DIGESTS
-static int get_cryptodev_digests(const int **cnids);
-#endif
-static int cryptodev_usable_ciphers(const int **nids);
-static int cryptodev_usable_digests(const int **nids);
-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl);
-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc);
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid);
-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid);
-static int bn2crparam(const BIGNUM *a, struct crparam *crp);
-static int crparam2bn(struct crparam *crp, BIGNUM *a);
-static void zapparams(struct crypt_kop *kop);
-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
-    int slen, BIGNUM *s);
-
-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-    RSA *rsa, BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-    int dlen, DSA *dsa);
-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-    DSA_SIG *sig, DSA *dsa);
-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key,
-    const BIGNUM *pub_key, DH *dh);
-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-    void (*f)(void));
-void ENGINE_load_cryptodev(void);
-
-static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-	{ 0, NULL, NULL, 0 }
-};
-
-static struct {
-	int	id;
-	int	nid;
-	int	ivmax;
-	int	keylen;
-} ciphers[] = {
-	{ CRYPTO_ARC4,			NID_rc4,		0,	16, },
-	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
-	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
-	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
-	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
-	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
-	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
-	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
-	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-	{ 0,				NID_undef,		0,	 0, },
-};
-
-#ifdef USE_CRYPTODEV_DIGESTS
-static struct {
-	int	id;
-	int	nid;
-	int 	digestlen;
-} digests[] = {
-#if 0
-        /* HMAC is not supported */
-	{ CRYPTO_MD5_HMAC,		NID_hmacWithMD5,	16},
-	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	20},
-	{ CRYPTO_SHA2_256_HMAC,		NID_hmacWithSHA256,	32},
-	{ CRYPTO_SHA2_384_HMAC,		NID_hmacWithSHA384,	48},
-	{ CRYPTO_SHA2_512_HMAC,		NID_hmacWithSHA512,	64},
-#endif
-	{ CRYPTO_MD5,			NID_md5,		16},
-	{ CRYPTO_SHA1,			NID_sha1,		20},
-	{ CRYPTO_SHA2_256,		NID_sha256,		32},
-	{ CRYPTO_SHA2_384,		NID_sha384,		48},
-	{ CRYPTO_SHA2_512,		NID_sha512,		64},
-	{ 0,				NID_undef,		0},
-};
-#endif
-
-/*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-static int
-open_dev_crypto(void)
-{
-	static int fd = -1;
-
-	if (fd == -1) {
-		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-			return (-1);
-		/* close on exec */
-		if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
-			close(fd);
-			fd = -1;
-			return (-1);
-		}
-	}
-	return (fd);
-}
-
-static int
-get_dev_crypto(void)
-{
-	int fd, retfd;
-
-	if ((fd = open_dev_crypto()) == -1)
-		return (-1);
-#ifndef CRIOGET_NOT_NEEDED
-	if (ioctl(fd, CRIOGET, &retfd) == -1)
-		return (-1);
-
-	/* close on exec */
-	if (fcntl(retfd, F_SETFD, 1) == -1) {
-		close(retfd);
-		return (-1);
-	}
-#else
-        retfd = fd;
-#endif
-	return (retfd);
-}
-
-static void put_dev_crypto(int fd)
-{
-#ifndef CRIOGET_NOT_NEEDED
-	close(fd);
-#endif
-}
-
-/* Caching version for asym operations */
-static int
-get_asym_dev_crypto(void)
-{
-	static int fd = -1;
-
-	if (fd == -1)
-		fd = get_dev_crypto();
-	return fd;
-}
-
-/*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_ciphers routine
- */
-static int
-get_cryptodev_ciphers(const int **cnids)
-{
-	static int nids[CRYPTO_ALGORITHM_MAX];
-	struct session_op sess;
-	int fd, i, count = 0;
-	unsigned char fake_key[EVP_MAX_KEY_LENGTH];
-
-	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
-		return (0);
-	}
-	memset(&sess, 0, sizeof(sess));
-	sess.key = (void*)fake_key;
-
-	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-		if (ciphers[i].nid == NID_undef)
-			continue;
-		sess.cipher = ciphers[i].id;
-		sess.keylen = ciphers[i].keylen;
-		sess.mac = 0;
-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-			nids[count++] = ciphers[i].nid;
-	}
-	put_dev_crypto(fd);
-
-	if (count > 0)
-		*cnids = nids;
-	else
-		*cnids = NULL;
-	return (count);
-}
-
-#ifdef USE_CRYPTODEV_DIGESTS
-/*
- * Find out what digests /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_digests routine
- */
-static int
-get_cryptodev_digests(const int **cnids)
-{
-	static int nids[CRYPTO_ALGORITHM_MAX];
-	unsigned char fake_key[EVP_MAX_KEY_LENGTH];
-	struct session_op sess;
-	int fd, i, count = 0;
-
-	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
-		return (0);
-	}
-	memset(&sess, 0, sizeof(sess));
-	sess.mackey = fake_key;
-	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-		if (digests[i].nid == NID_undef)
-			continue;
-		sess.mac = digests[i].id;
-		sess.mackeylen = 8;
-		sess.cipher = 0;
-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-			nids[count++] = digests[i].nid;
-	}
-	put_dev_crypto(fd);
-
-	if (count > 0)
-		*cnids = nids;
-	else
-		*cnids = NULL;
-	return (count);
-}
-#endif  /* 0 */
-
-/*
- * Find the useable ciphers|digests from dev/crypto - this is the first
- * thing called by the engine init crud which determines what it
- * can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
- *
- * If we can't initialize the device to do anything useful for
- * any reason, we want to return a NULL array, and 0 length,
- * which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
- * use this engine as the default, and if for whatever reason
- * /dev/crypto won't do what we want it will just be done in
- * software
- *
- * This can (should) be greatly expanded to perhaps take into
- * account speed of the device, and what we want to do.
- * (although the disabling of particular alg's could be controlled
- * by the device driver with sysctl's.) - this is where we
- * want most of the decisions made about what we actually want
- * to use from /dev/crypto.
- */
-static int
-cryptodev_usable_ciphers(const int **nids)
-{
-	return (get_cryptodev_ciphers(nids));
-}
-
-static int
-cryptodev_usable_digests(const int **nids)
-{
-#ifdef USE_CRYPTODEV_DIGESTS
-	return (get_cryptodev_digests(nids));
-#else
-	/*
-	 * XXXX just disable all digests for now, because it sucks.
-	 * we need a better way to decide this - i.e. I may not
-	 * want digests on slow cards like hifn on fast machines,
-	 * but might want them on slow or loaded machines, etc.
-	 * will also want them when using crypto cards that don't
-	 * suck moose gonads - would be nice to be able to decide something
-	 * as reasonable default without having hackery that's card dependent.
-	 * of course, the default should probably be just do everything,
-	 * with perhaps a sysctl to turn algoritms off (or have them off
-	 * by default) on cards that generally suck like the hifn.
-	 */
-	*nids = NULL;
-	return (0);
-#endif
-}
-
-static int
-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-	struct crypt_op cryp;
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-	const void *iiv;
-	unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
-	if (state->d_fd < 0)
-		return (0);
-	if (!inl)
-		return (1);
-	if ((inl % ctx->cipher->block_size) != 0)
-		return (0);
-
-	memset(&cryp, 0, sizeof(cryp));
-
-	cryp.ses = sess->ses;
-	cryp.flags = 0;
-	cryp.len = inl;
-	cryp.src = (void*) in;
-	cryp.dst = (void*) out;
-	cryp.mac = 0;
-
-	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
-	if (ctx->cipher->iv_len) {
-		cryp.iv = (void*) ctx->iv;
-		if (!ctx->encrypt) {
-			iiv = in + inl - ctx->cipher->iv_len;
-			memcpy(save_iv, iiv, ctx->cipher->iv_len);
-		}
-	} else
-		cryp.iv = NULL;
-
-	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-		/* XXX need better errror handling
-		 * this can fail for a number of different reasons.
-		 */
-		return (0);
-	}
-
-	if (ctx->cipher->iv_len) {
-		if (ctx->encrypt)
-			iiv = out + inl - ctx->cipher->iv_len;
-		else
-			iiv = save_iv;
-		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-	}
-	return (1);
-}
-
-static int
-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
-{
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-	int cipher = -1, i;
-
-	for (i = 0; ciphers[i].id; i++)
-		if (ctx->cipher->nid == ciphers[i].nid &&
-		    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-		    ctx->key_len == ciphers[i].keylen) {
-			cipher = ciphers[i].id;
-			break;
-		}
-
-	if (!ciphers[i].id) {
-		state->d_fd = -1;
-		return (0);
-	}
-
-	memset(sess, 0, sizeof(struct session_op));
-
-	if ((state->d_fd = get_dev_crypto()) < 0)
-		return (0);
-
-	sess->key = (void*)key;
-	sess->keylen = ctx->key_len;
-	sess->cipher = cipher;
-
-	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-		put_dev_crypto(state->d_fd);
-		state->d_fd = -1;
-		return (0);
-	}
-	return (1);
-}
-
-/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-static int
-cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
-{
-	int ret = 0;
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (state->d_fd < 0)
-		return (0);
-
-	/* XXX if this ioctl fails, someting's wrong. the invoker
-	 * may have called us with a bogus ctx, or we could
-	 * have a device that for whatever reason just doesn't
-	 * want to play ball - it's not clear what's right
-	 * here - should this be an error? should it just
-	 * increase a counter, hmm. For right now, we return
-	 * 0 - I don't believe that to be "right". we could
-	 * call the gorpy openssl lib error handlers that
-	 * print messages to users of the library. hmm..
-	 */
-
-	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-		ret = 0;
-	} else {
-		ret = 1;
-	}
-	put_dev_crypto(state->d_fd);
-	state->d_fd = -1;
-
-	return (ret);
-}
-
-/*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
- */
-
-/* RC4 */
-const EVP_CIPHER cryptodev_rc4 = {
-	NID_rc4,
-	1, 16, 0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	NULL,
-	NULL,
-	NULL
-};
-
-/* DES CBC EVP */
-const EVP_CIPHER cryptodev_des_cbc = {
-	NID_des_cbc,
-	8, 8, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-/* 3DES CBC EVP */
-const EVP_CIPHER cryptodev_3des_cbc = {
-	NID_des_ede3_cbc,
-	8, 24, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_bf_cbc = {
-	NID_bf_cbc,
-	8, 16, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_cast_cbc = {
-	NID_cast5_cbc,
-	8, 16, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_aes_cbc = {
-	NID_aes_128_cbc,
-	16, 16, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_aes_192_cbc = {
-	NID_aes_192_cbc,
-	16, 24, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_aes_256_cbc = {
-	NID_aes_256_cbc,
-	16, 32, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-/*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
- * top level - note, that list is restricted by what we answer with
- */
-static int
-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid)
-{
-	if (!cipher)
-		return (cryptodev_usable_ciphers(nids));
-
-	switch (nid) {
-	case NID_rc4:
-		*cipher = &cryptodev_rc4;
-		break;
-	case NID_des_ede3_cbc:
-		*cipher = &cryptodev_3des_cbc;
-		break;
-	case NID_des_cbc:
-		*cipher = &cryptodev_des_cbc;
-		break;
-	case NID_bf_cbc:
-		*cipher = &cryptodev_bf_cbc;
-		break;
-	case NID_cast5_cbc:
-		*cipher = &cryptodev_cast_cbc;
-		break;
-	case NID_aes_128_cbc:
-		*cipher = &cryptodev_aes_cbc;
-		break;
-	case NID_aes_192_cbc:
-		*cipher = &cryptodev_aes_192_cbc;
-		break;
-	case NID_aes_256_cbc:
-		*cipher = &cryptodev_aes_256_cbc;
-		break;
-	default:
-		*cipher = NULL;
-		break;
-	}
-	return (*cipher != NULL);
-}
-
-
-#ifdef USE_CRYPTODEV_DIGESTS
-
-/* convert digest type to cryptodev */
-static int
-digest_nid_to_cryptodev(int nid)
-{
-	int i;
-
-	for (i = 0; digests[i].id; i++)
-		if (digests[i].nid == nid)
-			return (digests[i].id);
-	return (0);
-}
-
-
-static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-{
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-	int digest;
-
-	if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
-		printf("cryptodev_digest_init: Can't get digest \n");
-		return (0);
-	}
-	memset(state, 0, sizeof(struct dev_crypto_state));
-
-	if ((state->d_fd = get_dev_crypto()) < 0) {
-		printf("cryptodev_digest_init: Can't get Dev \n");
-		return (0);
-	}
-
-	sess->mackey = NULL;
-	sess->mackeylen = 0;
-	sess->mac = digest;
-
-	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-		put_dev_crypto(state->d_fd);
-		state->d_fd = -1;
-		printf("cryptodev_digest_init: Open session failed\n");
-		return (0);
-	}
-
-	return (1);
-}
-
-static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-		size_t count)
-{
-	struct dev_crypto_state *state = ctx->md_data;
-	struct crypt_op cryp;
-	struct session_op *sess = &state->d_sess;
-
-	if (!data || state->d_fd < 0) {
-		printf("cryptodev_digest_update: illegal inputs \n");
-		return (0);
-	}
-
-	if (!count) {
-		return (1);
-	}
-
-	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-		/* if application doesn't support one buffer */
-		state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
-
-		if (!state->mac_data) {
-			printf("cryptodev_digest_update: realloc failed\n");
-			return (0);
-		}
-
-		memcpy(state->mac_data + state->mac_len, data, count);
-   		state->mac_len += count;
-	
-		return (1);
-	}
-
-	memset(&cryp, 0, sizeof(cryp));
-
-	cryp.ses = sess->ses;
-	cryp.flags = 0;
-	cryp.len = count;
-	cryp.src = (void*) data;
-	cryp.dst = NULL;
-	cryp.mac = (void*) state->digest_res;
-	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-		printf("cryptodev_digest_update: digest failed\n");
-		return (0);
-	}
-	return (1);
-}
-
-
-static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-	struct crypt_op cryp;
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (!md || state->d_fd < 0) {
-		printf("cryptodev_digest_final: illegal input\n");
-		return(0);
-	}
-
-	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
-		/* if application doesn't support one buffer */
-		memset(&cryp, 0, sizeof(cryp));
-		cryp.ses = sess->ses;
-		cryp.flags = 0;
-		cryp.len = state->mac_len;
-		cryp.src = state->mac_data;
-		cryp.dst = NULL;
-		cryp.mac = (void*)md;
-		if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-			printf("cryptodev_digest_final: digest failed\n");
-			return (0);
-		}
-
-		return 1;
-	}
-
-	memcpy(md, state->digest_res, ctx->digest->md_size);
-
-	return 1;
-}
-
-
-static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-{
-	int ret = 1;
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (state == NULL)
-	  return 0;
-
-	if (state->d_fd < 0) {
-		printf("cryptodev_digest_cleanup: illegal input\n");
-		return (0);
-	}
-
-	if (state->mac_data) {
-		OPENSSL_free(state->mac_data);
-		state->mac_data = NULL;
-		state->mac_len = 0;
-	}
-
-	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-		printf("cryptodev_digest_cleanup: failed to close session\n");
-		ret = 0;
-	} else {
-		ret = 1;
-	}
-	put_dev_crypto(state->d_fd);	
-	state->d_fd = -1;
-
-	return (ret);
-}
-
-static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
-{
-	struct dev_crypto_state *fstate = from->md_data;
-	struct dev_crypto_state *dstate = to->md_data;
-	struct session_op *sess;
-	int digest;
-
-	if (dstate == NULL || fstate == NULL)
-	  return 1;
-
-       	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-
-	sess = &dstate->d_sess;
-
-	digest = digest_nid_to_cryptodev(to->digest->type);
-
-	sess->mackey = NULL;
-	sess->mackeylen = 0;
-	sess->mac = digest;
-
-	dstate->d_fd = get_dev_crypto();
-
-	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-		put_dev_crypto(dstate->d_fd);
-		dstate->d_fd = -1;
-		printf("cryptodev_digest_init: Open session failed\n");
-		return (0);
-	}
-
-	if (fstate->mac_len != 0) {
-	        if (fstate->mac_data != NULL)
-	                {
-        		dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-	        	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-           		dstate->mac_len = fstate->mac_len;
-	        	}
-	}
-
-	return 1;
-}
-
-
-static const EVP_MD cryptodev_sha1 = {
-	NID_sha1,
-	NID_sha1WithRSAEncryption,
-	SHA_DIGEST_LENGTH, 
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_RSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-};
-
-static const EVP_MD cryptodev_sha256 = {
-	NID_sha256,
-	NID_sha256WithRSAEncryption,
-	SHA256_DIGEST_LENGTH, 
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_RSA_method,
-	SHA256_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-};
-
-static const EVP_MD cryptodev_sha384 = {
-	NID_sha384,
-	NID_sha384WithRSAEncryption, 
-	SHA384_DIGEST_LENGTH, 
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_RSA_method,
-	SHA512_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-};
-
-static const EVP_MD cryptodev_sha512 = {
-	NID_sha512,
-	NID_sha512WithRSAEncryption, 
-	SHA512_DIGEST_LENGTH, 
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_RSA_method,
-	SHA512_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-};
-
-static const EVP_MD cryptodev_md5 = {
-	NID_md5,
-	NID_md5WithRSAEncryption, 
-	16 /* MD5_DIGEST_LENGTH */, 
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_RSA_method,
-	64 /* MD5_CBLOCK */,
-	sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
-};
-
-#endif /* USE_CRYPTODEV_DIGESTS */
-
-
-static int
-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid)
-{
-	if (!digest)
-		return (cryptodev_usable_digests(nids));
-
-	switch (nid) {
-#ifdef USE_CRYPTODEV_DIGESTS
-	case NID_md5:
-		*digest = &cryptodev_md5; 
-		break;
-	case NID_sha1:
-		*digest = &cryptodev_sha1;
- 		break;
-	case NID_sha256:
-		*digest = &cryptodev_sha256;
- 		break;
-	case NID_sha384:
-		*digest = &cryptodev_sha384;
- 		break;
-	case NID_sha512:
-		*digest = &cryptodev_sha512;
- 		break;
-	default:
-#endif /* USE_CRYPTODEV_DIGESTS */
-		*digest = NULL;
-		break;
-	}
-	return (*digest != NULL);
-}
-
-/*
- * Convert a BIGNUM to the representation that /dev/crypto needs.
- * Upon completion of use, the caller is responsible for freeing
- * crp->crp_p.
- */
-static int
-bn2crparam(const BIGNUM *a, struct crparam *crp)
-{
-	int i, j, k;
-	ssize_t bytes, bits;
-	u_char *b;
-
-	crp->crp_p = NULL;
-	crp->crp_nbits = 0;
-
-	bits = BN_num_bits(a);
-	bytes = (bits + 7) / 8;
-
-	b = malloc(bytes);
-	if (b == NULL)
-		return (1);
-	memset(b, 0, bytes);
-
-	crp->crp_p = (void*) b;
-	crp->crp_nbits = bits;
-
-	for (i = 0, j = 0; i < a->top; i++) {
-		for (k = 0; k < BN_BITS2 / 8; k++) {
-			if ((j + k) >= bytes)
-				return (0);
-			b[j + k] = a->d[i] >> (k * 8);
-		}
-		j += BN_BITS2 / 8;
-	}
-	return (0);
-}
-
-/* Convert a /dev/crypto parameter to a BIGNUM */
-static int
-crparam2bn(struct crparam *crp, BIGNUM *a)
-{
-	u_int8_t *pd;
-	int i, bytes;
-
-	bytes = (crp->crp_nbits + 7) / 8;
-
-	if (bytes == 0)
-		return (-1);
-
-	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-		return (-1);
-
-	for (i = 0; i < bytes; i++)
-		pd[i] = crp->crp_p[bytes - i - 1];
-
-	BN_bin2bn(pd, bytes, a);
-	free(pd);
-
-	return (0);
-}
-
-static void
-zapparams(struct crypt_kop *kop)
-{
-	int i;
-
-	for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-		if (kop->crk_param[i].crp_p)
-			free(kop->crk_param[i].crp_p);
-		kop->crk_param[i].crp_p = NULL;
-		kop->crk_param[i].crp_nbits = 0;
-	}
-}
-
-static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
-{
-	int fd, ret = -1;
-
-	if ((fd = get_asym_dev_crypto()) < 0)
-		return (ret);
-
-	if (r) {
-		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-		kop->crk_oparams++;
-	}
-	if (s) {
-		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-		kop->crk_oparams++;
-	}
-
-	if (ioctl(fd, CIOCKEY, kop) == 0) {
-		if (r)
-			crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-		if (s)
-			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
-		ret = 0;
-	}
-
-	return (ret);
-}
-
-static int
-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-	struct crypt_kop kop;
-	int ret = 1;
-
-	/* Currently, we know we can do mod exp iff we can do any
-	 * asymmetric operations at all.
-	 */
-	if (cryptodev_asymfeat == 0) {
-		ret = BN_mod_exp(r, a, p, m, ctx);
-		return (ret);
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_MOD_EXP;
-
-	/* inputs: a^p % m */
-	if (bn2crparam(a, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(m, &kop.crk_param[2]))
-		goto err;
-	kop.crk_iparams = 3;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF asym process failed, Running in software\n");
-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-
-	} else if (ECANCELED == kop.crk_status) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF hardware operation cancelled. Running in Software\n");
-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-	}
-	/* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
-	zapparams(&kop);
-	return (ret);
-}
-
-static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-	int r;
-	ctx = BN_CTX_new();
-	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-	BN_CTX_free(ctx);
-	return (r);
-}
-
-static int
-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-	struct crypt_kop kop;
-	int ret = 1;
-
-	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-		/* XXX 0 means failure?? */
-		return (0);
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_MOD_EXP_CRT;
-	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-	if (bn2crparam(rsa->p, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(rsa->q, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(I, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-		goto err;
-	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-		goto err;
-	kop.crk_iparams = 6;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF asym process failed, running in Software\n");
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-
-	} else if (ECANCELED == kop.crk_status) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF hardware operation cancelled. Running in Software\n");
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-	}
-	/* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
-	zapparams(&kop);
-	return (ret);
-}
-
-static RSA_METHOD cryptodev_rsa = {
-	"cryptodev RSA method",
-	NULL,				/* rsa_pub_enc */
-	NULL,				/* rsa_pub_dec */
-	NULL,				/* rsa_priv_enc */
-	NULL,				/* rsa_priv_dec */
-	NULL,
-	NULL,
-	NULL,				/* init */
-	NULL,				/* finish */
-	0,				/* flags */
-	NULL,				/* app_data */
-	NULL,				/* rsa_sign */
-	NULL				/* rsa_verify */
-};
-
-static int
-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont)
-{
-	BIGNUM t2;
-	int ret = 0;
-
-	BN_init(&t2);
-
-	/* v = ( g^u1 * y^u2 mod p ) mod q */
-	/* let t1 = g ^ u1 mod p */
-	ret = 0;
-
-	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-		goto err;
-
-	/* let t2 = y ^ u2 mod p */
-	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-		goto err;
-	/* let u1 = t1 * t2 mod p */
-	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-		goto err;
-
-	BN_copy(t1,u1);
-
-	ret = 1;
-err:
-	BN_free(&t2);
-	return(ret);
-}
-
-static DSA_SIG *
-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-	struct crypt_kop kop;
-	BIGNUM *r = NULL, *s = NULL;
-	DSA_SIG *dsaret = NULL;
-
-	if ((r = BN_new()) == NULL)
-		goto err;
-	if ((s = BN_new()) == NULL) {
-		BN_free(r);
-		goto err;
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DSA_SIGN;
-
-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-	kop.crk_param[0].crp_p = (void*)dgst;
-	kop.crk_param[0].crp_nbits = dlen * 8;
-	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-		goto err;
-	kop.crk_iparams = 5;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-	    BN_num_bytes(dsa->q), s) == 0) {
-		dsaret = DSA_SIG_new();
-		dsaret->r = r;
-		dsaret->s = s;
-	} else {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-		BN_free(r);
-		BN_free(s);
-		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-	}
-err:
-	kop.crk_param[0].crp_p = NULL;
-	zapparams(&kop);
-	return (dsaret);
-}
-
-static int
-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-    DSA_SIG *sig, DSA *dsa)
-{
-	struct crypt_kop kop;
-	int dsaret = 1;
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DSA_VERIFY;
-
-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-	kop.crk_param[0].crp_p = (void*)dgst;
-	kop.crk_param[0].crp_nbits = dlen * 8;
-	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-		goto err;
-	if (bn2crparam(sig->r, &kop.crk_param[5]))
-		goto err;
-	if (bn2crparam(sig->s, &kop.crk_param[6]))
-		goto err;
-	kop.crk_iparams = 7;
-
-	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-/*OCF success value is 0, if not zero, change dsaret to fail*/
-		if(0 != kop.crk_status) dsaret  = 0;
-	} else {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-
-		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-	}
-err:
-	kop.crk_param[0].crp_p = NULL;
-	zapparams(&kop);
-	return (dsaret);
-}
-
-static DSA_METHOD cryptodev_dsa = {
-	"cryptodev DSA method",
-	NULL,
-	NULL,				/* dsa_sign_setup */
-	NULL,
-	NULL,				/* dsa_mod_exp */
-	NULL,
-	NULL,				/* init */
-	NULL,				/* finish */
-	0,	/* flags */
-	NULL	/* app_data */
-};
-
-static int
-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx)
-{
-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
-	struct crypt_kop kop;
-	int dhret = 1;
-	int fd, keylen;
-
-	if ((fd = get_asym_dev_crypto()) < 0) {
-		const DH_METHOD *meth = DH_OpenSSL();
-
-		return ((meth->compute_key)(key, pub_key, dh));
-	}
-
-	keylen = BN_num_bits(dh->p);
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-	/* inputs: dh->priv_key pub_key dh->p key */
-	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(pub_key, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dh->p, &kop.crk_param[2]))
-		goto err;
-	kop.crk_iparams = 3;
-
-	kop.crk_param[3].crp_p = (void*) key;
-	kop.crk_param[3].crp_nbits = keylen * 8;
-	kop.crk_oparams = 1;
-
-	if (ioctl(fd, CIOCKEY, &kop) == -1) {
-		const DH_METHOD *meth = DH_OpenSSL();
-
-		dhret = (meth->compute_key)(key, pub_key, dh);
-	}
-err:
-	kop.crk_param[3].crp_p = NULL;
-	zapparams(&kop);
-	return (dhret);
-}
-
-static DH_METHOD cryptodev_dh = {
-	"cryptodev DH method",
-	NULL,				/* cryptodev_dh_generate_key */
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	0,	/* flags */
-	NULL	/* app_data */
-};
-
-/*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
- */
-static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
-#ifdef HAVE_SYSLOG_R
-	struct syslog_data sd = SYSLOG_DATA_INIT;
-#endif
-
-	switch (cmd) {
-	default:
-#ifdef HAVE_SYSLOG_R
-		syslog_r(LOG_ERR, &sd,
-		    "cryptodev_ctrl: unknown command %d", cmd);
-#else
-		syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-#endif
-		break;
-	}
-	return (1);
-}
-
-void
-ENGINE_load_cryptodev(void)
-{
-	ENGINE *engine = ENGINE_new();
-	int fd;
-
-	if (engine == NULL)
-		return;
-	if ((fd = get_dev_crypto()) < 0) {
-		ENGINE_free(engine);
-		return;
-	}
-
-	/*
-	 * find out what asymmetric crypto algorithms we support
-	 */
-	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-		put_dev_crypto(fd);
-		ENGINE_free(engine);
-		return;
-	}
-	put_dev_crypto(fd);
-
-	if (!ENGINE_set_id(engine, "cryptodev") ||
-	    !ENGINE_set_name(engine, "cryptodev engine") ||
-	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-		ENGINE_free(engine);
-		return;
-	}
-
-	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-
-		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
-		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
-		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
-		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
-		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-				cryptodev_rsa.rsa_mod_exp =
-				    cryptodev_rsa_mod_exp;
-			else
-				cryptodev_rsa.rsa_mod_exp =
-				    cryptodev_rsa_nocrt_mod_exp;
-		}
-	}
-
-	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-
-		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-		if (cryptodev_asymfeat & CRF_DSA_SIGN)
-			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-		}
-		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-	}
-
-	if (ENGINE_set_DH(engine, &cryptodev_dh)){
-		const DH_METHOD *dh_meth = DH_OpenSSL();
-
-		cryptodev_dh.generate_key = dh_meth->generate_key;
-		cryptodev_dh.compute_key = dh_meth->compute_key;
-		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-				cryptodev_dh.compute_key =
-				    cryptodev_dh_compute_key;
-		}
-	}
-
-	ENGINE_add(engine);
-	ENGINE_free(engine);
-	ERR_clear_error();
-}
-
-#endif /* HAVE_CRYPTODEV */

package/openvpn/Makefile

@@ -8,19 +8,13 @@ PKG_VERSION:=		2.3.11
 PKG_RELEASE:=		1
 PKG_HASH:=		0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7
 PKG_DESCR:=		vpn solution using ssl/tls
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_KDEPENDS:=		tun
 PKG_SECTION:=		net/security
 PKG_URL:=		http://openvpn.net/
 PKG_SITES:=		http://swupdate.openvpn.org/community/releases/
 
-PKG_CHOICES_OPENVPN:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 PKG_FLAVOURS_OPENVPN:=	WITH_LZO WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS WITH_SMALL
 PKGFD_WITH_LZO:=	enable lzo compression support
 PKGFS_WITH_LZO:=	liblzo

package/raddump/Makefile

@@ -9,21 +9,13 @@ PKG_RELEASE:=		1
 PKG_HASH:=		f2d5c80164a5064d25e112f3ead9952d86200b022da584bddbc4afea948cb970
 PKG_DESCR:=		interprets captured radius packets
 PKG_SECTION:=		net/radius
-PKG_DEPENDS:=		libpcap
-PKG_BUILDDEP:=		libpcap
+PKG_DEPENDS:=		libpcap libressl
+PKG_BUILDDEP:=		libpcap libressl
 PKG_URL:=		http://sourceforge.net/projects/raddump
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=raddump/}
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_RADDUMP:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,RADDUMP,raddump,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/rdesktop/Makefile

@@ -9,21 +9,13 @@ PKG_RELEASE:=		1
 PKG_HASH:=		76cc834b89c34d8332f3cb3889483b2ae4d4e8118eeb45a8967c77dd18228246
 PKG_DESCR:=		client for windows terminal services
 PKG_SECTION:=		x11/apps
-PKG_DEPENDS:=		libsamplerate alsa-lib libao
-PKG_BUILDDEP:=		libsamplerate alsa-lib libao
+PKG_DEPENDS:=		libsamplerate alsa-lib libao libressl
+PKG_BUILDDEP:=		libsamplerate alsa-lib libao libressl
 PKG_URL:=		http://www.rdesktop.org/
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=rdesktop/}
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_RDESKTOP:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,RDESKTOP,rdesktop,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/sipsak/Makefile

@@ -14,14 +14,11 @@ PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=sipsak.berlios/}
 
 DISTFILES:=		$(PKG_NAME)-$(PKG_VERSION)-1.tar.gz
 
-PKG_CHOICES_SIPSAK:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_SIPSAK:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/package.mk
 

package/socat/Makefile

@@ -15,14 +15,11 @@ PKG_SITES:=		http://www.dest-unreach.org/socat/download/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_SOCAT:=	WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_SOCAT:=	WITH_LIBRESSL WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCB_WITH_LIBRESSL:=	libressl
 PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/package.mk
 
@@ -36,9 +33,6 @@ CONFIGURE_ENV+=		sc_cv_termios_ispeed=no \
 CONFIGURE_ARGS+=	--disable-libwrap \
 			--disable-readline
 
-ifeq (${ADK_PACKAGE_SOCAT_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--enable-openssl
-endif
 ifeq (${ADK_PACKAGE_SOCAT_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--enable-openssl
 endif

package/ssltunnel/Makefile

@@ -1,38 +0,0 @@
-# This file is part of the OpenADK project. OpenADK is copyrighted
-# material, please see the LICENCE file in the top-level directory.
-
-include ${ADK_TOPDIR}/rules.mk
-
-PKG_NAME:=		ssltunnel
-PKG_VERSION:=		1.18
-PKG_RELEASE:=		1
-PKG_HASH:=		1d2e4bbc935341775e7cc26dae980d6bdd5e8351f5a0cbf4d85363ac5d71081f
-PKG_DESCR:=		ppp over ssl vpn tool
-PKG_SECTION:=		net/security
-PKG_DEPENDS:=		ppp libopenssl
-PKG_BUILDDEP:=		ppp openssl
-PKG_SITES:=		http://www.hsc.fr/ressources/outils/ssltunnel/download/
-
-DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
-
-PKG_LIBC_DEPENDS:=	uclibc-ng glibc
-
-include ${ADK_TOPDIR}/mk/package.mk
-
-$(eval $(call PKG_template,SSLTUNNEL,ssltunnel,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-
-CONFIGURE_ENV+=		BUILD_CC="${TARGET_CC}"
-XAKE_FLAGS+=		CCOPT="${TARGET_CFLAGS}" INCLS="-I. -I${STAGING_TARGET_DIR}/usr/include"
-
-ssltunnel-install:
-	${INSTALL_DIR} ${IDIR_SSLTUNNEL}/usr/bin
-	${INSTALL_DIR} ${IDIR_SSLTUNNEL}/usr/sbin
-	${INSTALL_DIR} ${IDIR_SSLTUNNEL}/usr/libexec
-	${INSTALL_BIN} ${WRKINST}/usr/bin/pppclient \
-		${IDIR_SSLTUNNEL}/usr/bin/
-	${INSTALL_BIN} ${WRKINST}/usr/sbin/pppwho \
-		${IDIR_SSLTUNNEL}/usr/sbin/
-	${INSTALL_BIN} ${WRKINST}/usr/libexec/pppserver \
-		${IDIR_SSLTUNNEL}/usr/libexec/
-
-include ${ADK_TOPDIR}/mk/pkg-bottom.mk

package/ssltunnel/patches/patch-client_ntlmauth_c

@@ -1,11 +0,0 @@
-$Id$
---- ssltunnel-1.15.orig/client/ntlmauth.c	2004-03-10 13:35:21.000000000 +0000
-+++ ssltunnel-1.15/client/ntlmauth.c	2007-08-13 21:25:22.000000000 +0000
-@@ -34,6 +34,7 @@
- #include <syslog.h>
- #include <iconv.h>
- #include <ctype.h>
-+#include <openssl/des.h>
- 
- #ifndef INADDR_NONE
- #define       INADDR_NONE             0xffffffff

package/strongswan/Makefile

@@ -15,13 +15,10 @@ PKG_SITES:=		http://download.strongswan.org/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL WITH_GMP
+PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_GMP
 PKGCD_WITH_GMP:=	use gmp for crypto
 PKGCS_WITH_GMP:=	libgmp
 PKGCB_WITH_GMP:=	gmp
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl
-PKGCB_WITH_OPENSSL:=	openssl
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCS_WITH_LIBRESSL:=	libressl
 PKGCB_WITH_LIBRESSL:=	libressl
@@ -33,11 +30,6 @@ include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,STRONGSWAN,strongswan,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
-ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--enable-openssl \
-			--disable-gcrypt \
-			--disable-gmp
-endif
 ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--enable-openssl \
 			--disable-gcrypt \

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c

@@ -0,0 +1,11 @@
+--- strongswan-5.5.0.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2016-06-30 16:20:10.000000000 +0200
++++ strongswan-5.5.0/src/libstrongswan/plugins/openssl/openssl_plugin.c	2016-09-30 05:36:45.015692462 +0200
+@@ -573,7 +573,7 @@ plugin_t *openssl_plugin_create()
+ 		},
+ 	);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 	/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
+ 	 * as we couldn't initialize the library again afterwards */
+ 	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |

package/strongswan/patches/patch-src_starter_netkey_c

@@ -1,6 +1,6 @@
---- strongswan-5.0.0.orig/src/starter/netkey.c	2012-06-13 06:32:03.000000000 +0200
-+++ strongswan-5.0.0/src/starter/netkey.c	2012-07-26 16:55:59.000000000 +0200
-@@ -43,6 +43,7 @@ bool starter_netkey_init(void)
+--- strongswan-5.5.0.orig/src/starter/netkey.c	2016-04-22 22:01:35.000000000 +0200
++++ strongswan-5.5.0/src/starter/netkey.c	2016-09-30 05:30:43.681874545 +0200
+@@ -42,6 +42,7 @@ bool starter_netkey_init(void)
  	}
  
  	/* make sure that all required IPsec modules are loaded */
@@ -8,7 +8,7 @@
  	if (stat(PROC_MODULES, &stb) == 0)
  	{
  		ignore_result(system("modprobe -qv ah4"));
-@@ -51,6 +52,7 @@ bool starter_netkey_init(void)
+@@ -50,6 +51,7 @@ bool starter_netkey_init(void)
  		ignore_result(system("modprobe -qv xfrm4_tunnel"));
  		ignore_result(system("modprobe -qv xfrm_user"));
  	}

package/stunnel/Makefile

@@ -1,33 +0,0 @@
-# This file is part of the OpenADK project. OpenADK is copyrighted
-# material, please see the LICENCE file in the top-level directory.
-
-include $(ADK_TOPDIR)/rules.mk
-
-PKG_NAME:=		stunnel
-PKG_VERSION:=		5.36
-PKG_RELEASE:=		1
-PKG_HASH:=		eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea
-PKG_DESCR:=		encryption wrapper
-PKG_SECTION:=		net/security
-PKG_DEPENDS:=		libopenssl
-PKG_BUILDDEP:=		openssl
-PKG_URL:=		https://www.stunnel.org
-PKG_SITES:=		https://www.stunnel.org/downloads/
-
-DISTFILES:=             ${PKG_NAME}-${PKG_VERSION}.tar.gz
-
-include $(ADK_TOPDIR)/mk/package.mk
-
-$(eval $(call PKG_template,STUNNEL,stunnel,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
-
-AUTOTOOL_STYLE:=	autoreconf
-CONFIGURE_ARGS+=	--with-ssl=${STAGING_TARGET_DIR}/usr \
-			--disable-systemd \
-			--disable-libwrap
-
-stunnel-install:
-	$(INSTALL_DIR) $(IDIR_STUNNEL)/usr/bin
-	$(INSTALL_BIN) $(WRKINST)/usr/bin/stunnel \
-		$(IDIR_STUNNEL)/usr/bin
-
-include ${ADK_TOPDIR}/mk/pkg-bottom.mk

package/stunnel/patches/patch-configure_ac

@@ -1,21 +0,0 @@
---- stunnel-5.31.orig/configure.ac	2016-02-03 18:23:10.000000000 +0100
-+++ stunnel-5.31/configure.ac	2016-03-13 13:33:26.000000000 +0100
-@@ -86,18 +86,6 @@ if test "$GCC" = yes; then
-     AX_APPEND_COMPILE_FLAGS([-Wconversion])
-     AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
-     AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
--    AX_APPEND_COMPILE_FLAGS([-fPIE])
--    case "${host}" in
--        avr-*.* | powerpc-*-aix* | rl78-*.* | visium-*.*)
--            ;;
--        *)
--            AX_APPEND_COMPILE_FLAGS([-fstack-protector])
--            ;;
--    esac
--    AX_APPEND_LINK_FLAGS([-fPIE -pie])
--    AX_APPEND_LINK_FLAGS([-Wl,-z,relro])
--    AX_APPEND_LINK_FLAGS([-Wl,-z,now])
--    AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack])
- fi
- AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
- 

package/supl/Makefile

@@ -9,26 +9,21 @@ PKG_RELEASE:=		1
 PKG_HASH:=		068dc47ce818ce5634f09a88159df85a6ce3456e2467b11b8c5f8543a99bb347
 PKG_DESCR:=		tools for accessing sup/rrlp server
 PKG_SECTION:=		net/misc
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		http://www.tajuma.com/supl/
 PKG_SITES:=		$(MASTER_SITE_SOURCEFORGE:=supl/)
 
 DISTFILES:=             $(PKG_NAME)_$(PKG_VERSION).tar.gz
 WRKDIST=		$(WRKDIR)/trunk
 
-PKG_CHOICES_SUPL:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,SUPL,supl,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))
 
 CONFIG_STYLE:=		minimal
-CONFIGURE_ARGS+=	--precompiled-asn1=yes --prefix="$(WRKINST)/usr"
+CONFIGURE_ARGS+=	--prefix="$(WRKINST)/usr" \
+			--precompiled-asn1=yes
 
 supl-install:
 	$(INSTALL_DIR) $(IDIR_SUPL)/usr/{bin,lib}

package/tinc/Makefile

@@ -9,22 +9,14 @@ PKG_RELEASE:=		1
 PKG_HASH:=		0b502699360f09ce2128a39cf02abca07bfc699fc02ce829b3a90cf5e1e8b344
 PKG_DESCR:=		vpn tunnel daemon
 PKG_SECTION:=		net/security
-PKG_DEPENDS:=		zlib liblzo
-PKG_BUILDDEP:=		zlib liblzo
+PKG_DEPENDS:=		zlib liblzo libressl
+PKG_BUILDDEP:=		zlib liblzo libressl
 PKG_KDEPENDS:=		tun
 PKG_URL:=		http://www.tinc-vpn.org/
 PKG_SITES:=		http://www.tinc-vpn.org/packages/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_TINC:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl
-
 include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,TINC,tinc,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))

package/tmsnc/Makefile

@@ -9,17 +9,11 @@ PKG_RELEASE:=		2
 PKG_HASH:=		7f54ba3974f45c0787b6d62d0d62ce352ddbf95419123b98b4969b97d3dfed23
 PKG_DESCR:=		textbased msn client
 PKG_SECTION:=		app/chat
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		http://tmsnc.sourceforge.net/
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=tmsnc/}
 
-PKG_CHOICES_TMSNC:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 include ${ADK_TOPDIR}/mk/package.mk
@@ -27,6 +21,7 @@ include ${ADK_TOPDIR}/mk/package.mk
 $(eval $(call PKG_template,TMSNC,tmsnc,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
 TARGET_LDFLAGS+=	-ltinfo
+
 CONFIGURE_ARGS+=	--with-libiconv-prefix=${STAGING_TARGET_DIR}/usr \
 			--with-openssl=${STAGING_TARGET_DIR}/usr \
 			--with-ncurses=${STAGING_TARGET_DIR}

package/tntnet/Makefile

@@ -17,17 +17,14 @@ PKG_SITES:=		http://www.tntnet.org/download/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_TNTNET:=	WITHOUT_SSL WITH_GNUTLS WITH_OPENSSL WITH_LIBRESSL
-PKGCD_WITHOUT_SSL:=	use no ssl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCD_WITH_OPENSSL:=	use libressl for crypto
-PKGCS_WITH_OPENSSL:=	libressl
-PKGCB_WITH_OPENSSL:=	libressl
+PKG_CHOICES_TNTNET:=	WITH_LIBRESSL WITH_GNUTLS WITHOUT_SSL
+PKGCD_WITH_LIBRESSL:=	use libressl for crypto
+PKGCS_WITH_LIBRESSL:=	libressl
+PKGCB_WITH_LIBRESSL:=	libressl
 PKGCD_WITH_GNUTLS:=	use gnutls for crypto
 PKGCS_WITH_GNUTLS:=	libgnutls
 PKGCB_WITH_GNUTLS:=	gnutls
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/package.mk
 
@@ -36,9 +33,6 @@ $(eval $(call PKG_template,TNTNET,tntnet,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEP
 ifeq (${ADK_PACKAGE_TNTNET_WITHOUT_SSL},y)
 CONFIGURE_ARGS+=	--with-ssl=no
 endif
-ifeq (${ADK_PACKAGE_TNTNET_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--with-ssl=openssl
-endif
 ifeq (${ADK_PACKAGE_TNTNET_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-ssl=openssl
 endif

package/tor/Makefile

@@ -9,20 +9,12 @@ PKG_RELEASE:=		2
 PKG_HASH:=		493a8679f904503048114aca6467faef56861206bab8283d858f37141d95105d
 PKG_DESCR:=		anonymous internet communication system
 PKG_SECTION:=		net/proxy
-PKG_DEPENDS:=		libevent zlib
-PKG_BUILDDEP:=		libevent zlib
+PKG_DEPENDS:=		libevent zlib libressl
+PKG_BUILDDEP:=		libevent zlib libressl
 PKG_NEEDS:=		threads
 PKG_URL:=		https://www.torproject.org/
 PKG_SITES:=		https://www.torproject.org/dist/
 
-PKG_CHOICES_TOR:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 include ${ADK_TOPDIR}/mk/package.mk

package/tvheadend/Makefile

@@ -9,17 +9,11 @@ PKG_GIT:=		hash
 PKG_RELEASE:=		3
 PKG_DESCR:=		tv streaming server
 PKG_SECTION:=		mm/video
+PKG_DEPENDS:=		libressl
+PKG_BUILDDEP:=		libressl
 PKG_URL:=		https://tvheadend.org/projects/tvheadend
 PKG_SITES:=		https://github.com/tvheadend/tvheadend.git
 
-PKG_CHOICES_TVHEADEND:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,TVHEADEND,tvheadend,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))

package/vtun/Makefile

@@ -9,19 +9,11 @@ PKG_RELEASE:=		1
 PKG_HASH:=		22507499a8f650ef97157977e62fa632d5b0034070629a2d0fd0512e304eaeeb
 PKG_DESCR:=		vpn tunnel daemon
 PKG_SECTION:=		net/security
-PKG_DEPENDS:=		zlib liblzo
-PKG_BUILDDEP:=		zlib liblzo
+PKG_DEPENDS:=		zlib liblzo libressl
+PKG_BUILDDEP:=		zlib liblzo libressl
 PKG_KDEPENDS:=		tun
 PKG_SITES:=		${MASTER_SITE_SOURCEFORGE:=vtun/}
 
-PKG_CHOICES_VTUN:=	WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_LIBRESSL:=	use libressl for crypto
-PKGCB_WITH_LIBRESSL:=	libressl
-PKGCS_WITH_LIBRESSL:=	libressl ca-certificates
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCB_WITH_OPENSSL:=	openssl
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates
-
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
 PKG_HOST_DEPENDS:=	!freebsd

package/wget/Makefile

@@ -16,17 +16,14 @@ PKG_BB:=		1
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_WGET:=	WITHOUT_SSL WITH_GNUTLS WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITHOUT_SSL:=	use no ssl
+PKG_CHOICES_WGET:=	WITH_LIBRESSL WITH_GNUTLS WITHOUT_SSL
 PKGCD_WITH_LIBRESSL:=	use libressl for crypto
 PKGCS_WITH_LIBRESSL:=	libressl ca-certificates libgmp
 PKGCB_WITH_LIBRESSL:=	libressl
-PKGCD_WITH_OPENSSL:=	use openssl for crypto
-PKGCS_WITH_OPENSSL:=	libopenssl ca-certificates libgmp
-PKGCB_WITH_OPENSSL:=	openssl
 PKGCD_WITH_GNUTLS:=	use gnutls for crypto
 PKGCS_WITH_GNUTLS:=	libgnutls ca-certificates libgmp
 PKGCB_WITH_GNUTLS:=	gnutls
+PKGCD_WITHOUT_SSL:=	use no ssl
 
 include ${ADK_TOPDIR}/mk/host.mk
 include ${ADK_TOPDIR}/mk/package.mk
@@ -37,11 +34,6 @@ $(eval $(call PKG_template,WGET,wget,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS
 ifeq (${ADK_PACKAGE_WGET_WITHOUT_SSL},y)
 CONFIGURE_ARGS+=	--with-ssl=no
 endif
-ifeq (${ADK_PACKAGE_WGET_WITH_OPENSSL},y)
-CONFIGURE_ARGS+=	--with-ssl=openssl \
-			--with-openssl=yes \
-			--with-libssl-prefix=${STAGING_TARGET_DIR}
-endif
 ifeq (${ADK_PACKAGE_WGET_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--with-ssl=openssl \
 			--with-openssl=yes \

package/wpa_supplicant/Makefile

@@ -21,13 +21,10 @@ PKG_DFLT_WPA_SUPPLICANT:=	y if ADK_TARGET_WITH_WIFI
 
 WRKSRC=			${WRKDIST}/${PKG_NAME}
 
-PKG_CHOICES_WPA_SUPPLICANT:=	WITH_LIBRESSL WITH_OPENSSL WITH_INTERNAL WITH_GNUTLS
+PKG_CHOICES_WPA_SUPPLICANT:=	WITH_LIBRESSL WITH_INTERNAL WITH_GNUTLS
 PKGCD_WITH_LIBRESSL:=		use libressl for crypto
 PKGCS_WITH_LIBRESSL:=		libressl
 PKGCB_WITH_LIBRESSL:=		libressl
-PKGCD_WITH_OPENSSL:=		use openssl for crypto
-PKGCS_WITH_OPENSSL:=		libopenssl
-PKGCB_WITH_OPENSSL:=		openssl
 PKGCD_WITH_GNUTLS:=		use gnutls for crypto
 PKGCS_WITH_GNUTLS:=		libgnutls
 PKGCB_WITH_GNUTLS:=		gnutls
@@ -37,9 +34,10 @@ include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,WPA_SUPPLICANT,wpa-supplicant,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
+TARGET_CFLAGS+=		-I$(STAGING_TARGET_DIR)/usr/include/libnl3
+
 CONFIG_STYLE:=          manual
 INSTALL_STYLE:=         manual
-TARGET_CFLAGS+=		-I$(STAGING_TARGET_DIR)/usr/include/libnl3
 
 MAKE_FLAGS+=		CPPFLAGS='${TARGET_CPPFLAGS}' \
 			LDFLAGS='${TARGET_LDFLAGS}' \

package/xorg-server/Makefile

@@ -31,16 +31,13 @@ PKG_CFLINE_XORG_SERVER:=depends on ADK_TARGET_WITH_VGA || ADK_TARGET_QEMU_WITH_G
 PKG_FLAVOURS_XORG_SERVER:=	WITH_KDRIVE
 PKGFD_WITH_KDRIVE:=		build kdrive xfbdev server
 
-PKG_CHOICES_XORG_SERVER:=	WITH_GCRYPT WITH_LIBRESSL WITH_OPENSSL
-PKGCD_WITH_GCRYPT:=		use libgcrypt for sha1
-PKGCS_WITH_GCRYPT:=		libgcrypt
-PKGCB_WITH_GCRYPT:=		libgcrypt
+PKG_CHOICES_XORG_SERVER:=	WITH_LIBRESSL WITH_GCRYPT
 PKGCD_WITH_LIBRESSL:=		use libressl crypto for sha1
 PKGCS_WITH_LIBRESSL:=		libressl
 PKGCB_WITH_LIBRESSL:=		libressl
-PKGCD_WITH_OPENSSL:=		use openssl crypto for sha1
-PKGCS_WITH_OPENSSL:=		libopenssl
-PKGCB_WITH_OPENSSL:=		openssl
+PKGCD_WITH_GCRYPT:=		use libgcrypt for sha1
+PKGCS_WITH_GCRYPT:=		libgcrypt
+PKGCB_WITH_GCRYPT:=		libgcrypt
 
 include $(ADK_TOPDIR)/mk/package.mk
 
@@ -52,7 +49,7 @@ ifeq (${ADK_PACKAGE_XORG_SERVER_WITH_GCRYPT},y)
 CONFIGURE_ARGS+=	 --with-sha1=libgcrypt
 endif
 
-ifeq (${ADK_PACKAGE_XORG_SERVER_WITH_CRYPTO},y)
+ifeq (${ADK_PACKAGE_XORG_SERVER_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	 --with-sha1=libcrypto
 endif