author: Dirk Meyer <dinoex@FreeBSD.org> 2009-01-09 18:49:06 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2009-01-09 18:49:06 +0000
commit: 4c5fb218aa42e3f9d65ac47e21ec08b5fa318364 (patch)
tree: d1d63d8a89bb692fc4467b6daeffdb1f66240bf0 /security/openssl
parent: 67266c99eab43ab6c56b4a71c087e39a2b19285d (diff)
download: ports-4c5fb218aa42e3f9d65ac47e21ec08b5fa318364.tar.gz
ports-4c5fb218aa42e3f9d65ac47e21ec08b5fa318364.zip
21 files changed, 130 insertions, 728 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index ab9f05c5267e..0b04dcbd4afc 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	openssl
-PORTVERSION=	0.9.8i
-PORTREVISION?=	1
+PORTVERSION=	0.9.8j
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \
@@ -20,6 +19,8 @@ DISTNAME=	${PORTNAME}-${PORTVERSION}
 MAINTAINER=	dinoex@FreeBSD.org
 COMMENT=	SSL and crypto library
 
+BUILD_DEPENDS=	makedepend:${PORTSDIR}/devel/makedepend
+
 .ifdef USE_OPENSSL
 .error You have `USE_OPENSSL' variable defined either in environment or in make(1) arguments. Please undefine and try again.
 .endif
@@ -29,7 +30,6 @@ BETA_SUFFIX=		-beta
 CONFLICTS?=		openssl-0.* openssl-stable-0.*
 NO_LATEST_LINK=		yes
 .endif
-PATCHDIR=		${MASTERDIR}/files-beta
 PLIST_SUB+=		OPENSSL_BETA=""
 PLIST_SUB+=		OPENSSL_STABLE="@comment "
 CONFLICTS?=		openssl-beta-0.* openssl-stable-0.*
@@ -896,6 +896,9 @@ EXTRACONFIGURE+=	386
 .endif
 
 do-configure:
+	${RM} -rf ${WRKSRC}/fips
+	${RM} -f ${WRKSRC}/include/openssl/fips.h
+	${RM} -f ${WRKSRC}/include/openssl/fips_rand.h
 	cd ${WRKSRC} \
 	&& ${SETENV} CC="${CC}" FREEBSDCC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \
 	PTHREAD_CFLAGS=${PTHREAD_CFLAGS} PTHREAD_LIBS=${PTHREAD_LIBS} \
@@ -905,7 +908,27 @@ do-configure:
 		-e 's|^MANDIR=.*$$|MANDIR=$$(MANPREFIX)/man|' \
 		-e 's|lib/pkgconfig|libdata/pkgconfig|g' \
 		-e 's|LIBVERSION=[^ ]* |LIBVERSION=$(OPENSSL_SHLIBVER) |' \
+		-e 's| build_fips | |' \
 		${WRKSRC}/Makefile
+	@${REINPLACE_CMD} \
+		-e 's| fips_err.c||' \
+		-e 's| fips_err.o | |' \
+		${WRKSRC}/crypto/Makefile
+	 @${REINPLACE_CMD} \
+		-e 's|$$(FIPS_SHATEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_DESTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_RANDTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_AESTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_HMACTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_RSAVTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_RSASTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_RSAGTEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_DSSVS)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_DSATEST)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_RNGVS)$$(EXE_EXT)||' \
+		-e 's|$$(FIPS_TEST_SUITE)$$(EXE_EXT)||' \
+		${WRKSRC}/test/Makefile
+	@(cd ${BUILD_WRKSRC}/${i} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} depend)
 
 post-install:
 .if !defined(NOSHARED)
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 639c708b9f50..625d8f08c875 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,3 +1,3 @@
-MD5 (openssl-0.9.8i.tar.gz) = 561e00f18821c74b2b86c8c7786f9d8b
-SHA256 (openssl-0.9.8i.tar.gz) = e8fc5fcfb715ffe925b2982aa9ca287832a93495d7fff03f17f6449f0732718c
-SIZE (openssl-0.9.8i.tar.gz) = 3459643
+MD5 (openssl-0.9.8j.tar.gz) = a5cb5f6c3d11affb387ecf7a997cac0c
+SHA256 (openssl-0.9.8j.tar.gz) = 7131242042dbd631fbd83436f42aea1775e7c32f587fa4ada5a01df4c3ae8e8b
+SIZE (openssl-0.9.8j.tar.gz) = 3738359
diff --git a/security/openssl/files-beta/hw_cryptodev.c.patch-cloning b/security/openssl/files-beta/hw_cryptodev.c.patch-cloning
deleted file mode 100644
index 82c159a32528..000000000000
--- a/security/openssl/files-beta/hw_cryptodev.c.patch-cloning
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: crypto/engine/hw_cryptodev.c
-===================================================================
-RCS file: /home/ncvs/src/crypto/openssl/crypto/engine/hw_cryptodev.c,v
-retrieving revision 1.1.1.3
-diff -u -r1.1.1.3 hw_cryptodev.c
---- crypto/engine/hw_cryptodev.c	17 Mar 2004 15:44:46 -0000	1.1.1.3
-+++ crypto/engine/hw_cryptodev.c	18 Jan 2005 12:27:17 -0000
-@@ -180,6 +180,10 @@
- 		return (-1);
- 	if (ioctl(fd, CRIOGET, &retfd) == -1)
- 		return (-1);
-+	if (retfd == -1)
-+		retfd = fd;
-+	else
-+		close(fd);
- 
- 	/* close on exec */
- 	if (fcntl(retfd, F_SETFD, 1) == -1) {
-Index: crypto/evp/openbsd_hw.c
-===================================================================
-RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/openbsd_hw.c,v
-retrieving revision 1.1.1.1
-diff -u -r1.1.1.1 openbsd_hw.c
---- crypto/evp/openbsd_hw.c	28 Jan 2003 21:24:39 -0000	1.1.1.1
-+++ crypto/evp/openbsd_hw.c	18 Jan 2005 12:26:45 -0000
-@@ -109,7 +109,10 @@
- 	    dev_failed=1;
- 	    return 0;
- 	    }
--	close(cryptodev_fd);
-+	if (fd == -1)
-+		fd = cryptodev_fd;
-+	else
-+		close(cryptodev_fd);
- 	}
-     assert(ses);
-     memset(ses,'\0',sizeof *ses);
diff --git a/security/openssl/files-beta/patch-Configure b/security/openssl/files-beta/patch-Configure
deleted file mode 100644
index 691fe7b848af..000000000000
--- a/security/openssl/files-beta/patch-Configure
+++ /dev/null
@@ -1,41 +0,0 @@
---- Configure.orig	2008-05-02 01:11:30.000000000 +0200
-+++ Configure	2008-05-29 13:55:51.000000000 +0200
-@@ -132,7 +132,7 @@
- # which has to be accompanied by explicit -D_THREAD_SAFE and
- # sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
- # seems to be sufficient?
--my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-+my $BSDthreads="$ENV{'PTHREAD_LIBS'} -D_REENTRANT $ENV{'PTHREAD_CFLAGS'}";
- 
- #config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
- 
-@@ -359,19 +359,20 @@
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
- 
- #### *BSD [do see comment about ${BSDthreads} above!]
--"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"BSD-generic32","$ENV{'FREEBSDCC'}:-DTERMIOS -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
-+"BSD-x86",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
-+"BSD-x86-elf",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
-+"debug-BSD-x86-elf",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -Wall -g $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
-+"BSD-sparcv8",	"$ENV{'FREEBSDCC'}:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
- 
--"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"BSD-generic64","$ENV{'FREEBSDCC'}:-DTERMIOS -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
- # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
- # simply *happens* to work around a compiler bug in gcc 3.3.3,
- # triggered by RIPEMD160 code.
--"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"BSD-sparc64",	"$ENV{'FREEBSDCC'}:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
-+"BSD-ia64",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
-+"BSD-x86_64",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
-+"BSD-alpha",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
- 
- "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
diff --git a/security/openssl/files-beta/patch-ad b/security/openssl/files-beta/patch-ad
deleted file mode 100644
index cd606a304160..000000000000
--- a/security/openssl/files-beta/patch-ad
+++ /dev/null
@@ -1,11 +0,0 @@
---- crypto/md5/md5.c.orig	Thu Apr  9 07:59:29 1998
-+++ crypto/md5/md5.c	Sun Dec 27 18:44:33 1998
-@@ -94,7 +94,7 @@
- 				err++;
- 				continue;
- 				}
--			printf("MD5(%s)= ",argv[i]);
-+			printf("MD5 (%s) = ",argv[i]);
- 			do_fp(IN);
- 			fclose(IN);
- 			}
diff --git a/security/openssl/files-beta/patch-ak b/security/openssl/files-beta/patch-ak
deleted file mode 100644
index 77e810e497c6..000000000000
--- a/security/openssl/files-beta/patch-ak
+++ /dev/null
@@ -1,11 +0,0 @@
---- apps/Makefile.orig	Tue Aug 10 11:09:07 2004
-+++ apps/Makefile	Tue Oct 26 07:00:51 2004
-@@ -112,7 +112,7 @@
- 	 done
- 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
- 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
--	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
-+	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.sample
- 
- tags:
- 	ctags $(SRC)
diff --git a/security/openssl/files-beta/patch-crypto-dso-Makefile b/security/openssl/files-beta/patch-crypto-dso-Makefile
deleted file mode 100644
index b27e728396b8..000000000000
--- a/security/openssl/files-beta/patch-crypto-dso-Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
---- crypto/dso/Makefile.orig	Tue May 11 14:45:17 2004
-+++ crypto/dso/Makefile	Fri Nov  5 05:37:11 2004
-@@ -23,9 +23,9 @@
- 
- LIB=$(TOP)/libcrypto.a
- LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
--	dso_openssl.c dso_win32.c dso_vms.c
-+	dso_openssl.c
- LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
--	dso_openssl.o dso_win32.o dso_vms.o
-+	dso_openssl.o
- 
- SRC= $(LIBSRC)
- 
diff --git a/security/openssl/files-beta/patch-eng_cryptodev.c b/security/openssl/files-beta/patch-eng_cryptodev.c
deleted file mode 100644
index 3746331dacf4..000000000000
--- a/security/openssl/files-beta/patch-eng_cryptodev.c
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ru openssl-0.9.8g.orig/crypto/engine/eng_cryptodev.c crypto/engine/eng_cryptodev.c
---- openssl-0.9.8g.orig/crypto/engine/eng_cryptodev.c	2004-06-15 13:45:42.000000000 +0200
-+++ crypto/engine/eng_cryptodev.c	2007-12-16 11:15:12.000000000 +0100
-@@ -32,7 +32,7 @@
- #include <openssl/bn.h>
- 
- #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
--	(defined(OpenBSD) || defined(__FreeBSD_version))
-+	(defined(OpenBSD) || defined(__FreeBSD__))
- #include <sys/param.h>
- # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
- #  define HAVE_CRYPTODEV
diff --git a/security/openssl/files-beta/patch-secadv_20090107 b/security/openssl/files-beta/patch-secadv_20090107
deleted file mode 100644
index 81bff08f6988..000000000000
--- a/security/openssl/files-beta/patch-secadv_20090107
+++ /dev/null
@@ -1,151 +0,0 @@
-diff -ur openssl-0.9.8i-ORIG/apps/speed.c apps/speed.c
---- apps/speed.c	2007-11-15 13:33:47.000000000 +0000
-+++ apps/speed-new.c	2008-12-04 00:00:00.000000000 +0000
-@@ -2132,7 +2132,7 @@
- 				{
- 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
- 					rsa_num, rsa_key[j]);
--				if (ret == 0)
-+				if (ret <= 0)
- 					{
- 					BIO_printf(bio_err,
- 						"RSA verify failure\n");
-diff -ur openssl-0.9.8i-ORIG/apps/spkac.c apps/spkac.c
---- openssl-0.9.8i-ORIG/apps/spkac.c	2005-04-05 19:11:18.000000000 +0000
-+++ apps/spkac.c	2008-12-04 00:00:00.000000000 +0000
-@@ -285,7 +285,7 @@
- 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
- 	if(verify) {
- 		i = NETSCAPE_SPKI_verify(spki, pkey);
--		if(i) BIO_printf(bio_err, "Signature OK\n");
-+		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
- 		else {
- 			BIO_printf(bio_err, "Signature Failure\n");
- 			ERR_print_errors(bio_err);
-diff -ur openssl-0.9.8i-ORIG/apps/verify.c apps/verify.c
---- openssl-0.9.8i-ORIG/apps/verify.c	2004-11-29 11:28:07.000000000 +0000
-+++ apps/verify.c	2008-12-04 00:00:00.600000000 +0000
-@@ -266,7 +266,7 @@
- 
- 	ret=0;
- end:
--	if (i)
-+	if (i > 0)
- 		{
- 		fprintf(stdout,"OK\n");
- 		ret=1;
-@@ -367,4 +367,3 @@
- 		ERR_clear_error();
- 	return(ok);
- 	}
--
-diff -ur openssl-0.9.8i-ORIG/apps/x509.c apps/x509.c
---- openssl-0.9.8i-ORIG/apps/x509.c	2007-10-12 00:00:10.000000000 +0000
-+++ apps/x509.c	2008-12-04 00:00:00.400000000 +0000
-@@ -1151,7 +1151,7 @@
- 	/* NOTE: this certificate can/should be self signed, unless it was
- 	 * a certificate request in which case it is not. */
- 	X509_STORE_CTX_set_cert(&xsc,x);
--	if (!reqfile && !X509_verify_cert(&xsc))
-+	if (!reqfile && X509_verify_cert(&xsc) <= 0)
- 		goto end;
- 
- 	if (!X509_check_private_key(xca,pkey))
-diff -ur openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c crypto/cms/cms_sd.c
---- openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c	2008-04-06 16:30:38.000000000 +0000
-+++ crypto/cms/cms_sd.c	2008-12-04 00:00:00.400000000 +0000
-@@ -830,7 +830,7 @@
- 	cms_fixup_mctx(&mctx, si->pkey);
- 	r = EVP_VerifyFinal(&mctx,
- 			si->signature->data, si->signature->length, si->pkey);
--	if (!r)
-+	if (r <= 0)
- 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
- 	err:
- 	EVP_MD_CTX_cleanup(&mctx);
-diff -ur openssl-0.9.8i-ORIG/ssl/s2_clnt.c ssl/s2_clnt.c
---- openssl-0.9.8i-ORIG/ssl/s2_clnt.c	2007-09-06 12:43:53.000000000 +0000
-+++ ssl/s2_clnt.c	2008-12-04 00:00:00.100000000 +0000
-@@ -1044,7 +1044,7 @@
- 
- 	i=ssl_verify_cert_chain(s,sk);
- 		
--	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
-+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
- 		{
- 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- 		goto err;
-diff -ur openssl-0.9.8i-ORIG/ssl/s2_srvr.c ssl/s2_srvr.c
---- openssl-0.9.8i-ORIG/ssl/s2_srvr.c	2007-09-06 12:43:53.000000000 +0000
-+++ ssl/s2_srvr.c	2008-12-04 00:00:00.900000000 +0000
-@@ -1054,7 +1054,7 @@
- 
- 	i=ssl_verify_cert_chain(s,sk);
- 
--	if (i)	/* we like the packet, now check the chksum */
-+	if (i > 0)	/* we like the packet, now check the chksum */
- 		{
- 		EVP_MD_CTX ctx;
- 		EVP_PKEY *pkey=NULL;
-@@ -1083,7 +1083,7 @@
- 		EVP_PKEY_free(pkey);
- 		EVP_MD_CTX_cleanup(&ctx);
- 
--		if (i) 
-+		if (i > 0)
- 			{
- 			if (s->session->peer != NULL)
- 				X509_free(s->session->peer);
-diff -ur openssl-0.9.8i-ORIG/ssl/s3_clnt.c ssl/s3_clnt.c
---- openssl-0.9.8i-ORIG/ssl/s3_clnt.c	2008-06-16 16:56:41.000000000 +0000
-+++ ssl/s3_clnt.c	2008-12-04 00:00:00.100000000 +0000
-@@ -972,7 +972,7 @@
- 		}
- 
- 	i=ssl_verify_cert_chain(s,sk);
--	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
-+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
- #ifndef OPENSSL_NO_KRB5
- 	        && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- 	        != (SSL_aKRB5|SSL_kKRB5)
-@@ -1459,7 +1459,7 @@
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,param,param_len);
--			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
-+			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
- 				{
- 				/* bad signature */
- 				al=SSL_AD_DECRYPT_ERROR;
-@@ -1477,7 +1477,7 @@
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- 			EVP_VerifyUpdate(&md_ctx,param,param_len);
--			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
-+			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
- 				{
- 				/* bad signature */
- 				al=SSL_AD_DECRYPT_ERROR;
-diff -ur openssl-0.9.8i-ORIG/ssl/s3_srvr.c ssl/s3_srvr.c
---- openssl-0.9.8i-ORIG/ssl/s3_srvr.c	2008-09-14 18:16:09.000000000 +0000
-+++ ssl/s3_srvr.c	2008-12-04 00:00:00.100000000 +0000
-@@ -2560,7 +2560,7 @@
- 	else
- 		{
- 		i=ssl_verify_cert_chain(s,sk);
--		if (!i)
-+		if (i <= 0)
- 			{
- 			al=ssl_verify_alarm_type(s->verify_result);
- 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
-diff -ur openssl-0.9.8i-ORIG/ssl/ssltest.c ssl/ssltest.c
---- openssl-0.9.8i-ORIG/ssl/ssltest.c	2008-06-16 16:56:42.000000000 +0000
-+++ ssl/ssltest.c	2008-12-04 00:00:00.900000000 +0000
-@@ -2093,7 +2093,7 @@
- 
- 	if (cb_arg->proxy_auth)
- 		{
--		if (ok)
-+		if (ok > 0)
- 			{
- 			const char *cond_end = NULL;
diff --git a/security/openssl/files/patch-Configure b/security/openssl/files/patch-Configure
index 473cba68d439..691fe7b848af 100644
--- a/security/openssl/files/patch-Configure
+++ b/security/openssl/files/patch-Configure
@@ -1,27 +1,41 @@
---- Configure.orig	Tue Feb 18 13:15:09 2003
-+++ Configure	Wed Feb 19 19:28:01 2003
-@@ -349,7 +349,7 @@
- #
- # This probably belongs in a different section.
- #
--"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"FreeBSD-alpha","$ENV{CC}:-DTERMIOS $ENV{CFLAGS}::$ENV{PTHREAD_LIBS} -D_REENTRANT $ENV{PTHREAD_CFLAGS}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- Configure.orig	2008-05-02 01:11:30.000000000 +0200
++++ Configure	2008-05-29 13:55:51.000000000 +0200
+@@ -132,7 +132,7 @@
+ # which has to be accompanied by explicit -D_THREAD_SAFE and
+ # sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+ # seems to be sufficient?
+-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
++my $BSDthreads="$ENV{'PTHREAD_LIBS'} -D_REENTRANT $ENV{'PTHREAD_CFLAGS'}";
+ 
+ #config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
+ 
+@@ -359,19 +359,20 @@
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ 
+ #### *BSD [do see comment about ${BSDthreads} above!]
+-"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-generic32","$ENV{'FREEBSDCC'}:-DTERMIOS -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-x86",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-x86-elf",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
++"debug-BSD-x86-elf",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -Wall -g $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-sparcv8",	"$ENV{'FREEBSDCC'}:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ 
+-"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-generic64","$ENV{'FREEBSDCC'}:-DTERMIOS -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparc64",	"$ENV{'FREEBSDCC'}:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-ia64",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-x86_64",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
++"BSD-alpha",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -DTERMIOS -O -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ 
+ "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  
- #### Alpha Linux with GNU C and Compaq C setups
- # Special notes:
-@@ -394,10 +394,11 @@
- "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-+"FreeBSD-elf",  "$ENV{CC}:-DTERMIOS -DL_ENDIAN $ENV{CFLAGS} -Wall::$ENV{PTHREAD_LIBS} -D_REENTRANT $ENV{PTHREAD_CFLAGS}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"FreeBSD-sparc64","$ENV{CC}:-DB_ENDIAN -DTERMIOS $ENV{CFLAGS}::$ENV{PTHREAD_LIBS} -D_REENTRANT $ENV{PTHREAD_CFLAGS}:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"FreeBSD-ia64","$ENV{CC}:-DL_ENDIAN -DTERMIOS $ENV{CFLAGS}::$ENV{PTHREAD_LIBS} -D_REENTRANT $ENV{PTHREAD_CFLAGS}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"FreeBSD-amd64","$ENV{CC}:-DL_ENDIAN -DTERMIOS $ENV{CFLAGS}::$ENV{PTHREAD_LIBS} -D_REENTRANT $ENV{PTHREAD_CFLAGS}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"FreeBSD",      "$ENV{CC}:-DTERMIOS -DL_ENDIAN $ENV{CFLAGS} -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
- "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
- "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
diff --git a/security/openssl/files/patch-Makefile.org b/security/openssl/files/patch-Makefile.org
deleted file mode 100644
index bc2bc7bcf30b..000000000000
--- a/security/openssl/files/patch-Makefile.org
+++ /dev/null
@@ -1,53 +0,0 @@
---- Makefile.org.orig	Mon Apr 24 15:32:57 2006
-+++ Makefile.org	Sun May  7 21:18:14 2006
-@@ -194,7 +194,7 @@
- # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
- SHLIB_MARK=
- 
--DIRS=   crypto fips-1.0 ssl $(SHLIB_MARK) apps test tools
-+DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
- SHLIBDIRS= crypto ssl
- 
- # dirs in crypto to build
-@@ -213,7 +213,7 @@
- 
- MAKEFILE= Makefile
- 
--MANDIR=$(OPENSSLDIR)/man
-+MANDIR=$(MANPREFIX)/man
- MAN1=1
- MAN3=3
- MANSUFFIX=
-@@ -316,9 +316,9 @@
- 		libs="$(LIBKRB5) $$libs"; \
- 	fi; \
- 	( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
--		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
--		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
--		-Wl,-Bsymbolic \
-+		-nodefaultlibs \
-+		-shared -o lib$$i.so.${SHLIBVER} \
-+		-Wl,-soname=lib$$i.so.${SHLIBVER} \
- 		-Wl,--whole-archive lib$$i.a \
- 		-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
- 	libs="-l$$i $$libs"; \
-@@ -784,7 +784,7 @@
- install_sw:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
--		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
-+		$(INSTALL_PREFIX)$(INSTALLTOP)/libdata/pkgconfig \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-@@ -847,8 +847,8 @@
- 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- 		fi; \
- 	fi
--	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
--	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
-+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/libdata/pkgconfig
-+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/libdata/pkgconfig/openssl.pc
- 
- install_docs:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl \
diff --git a/security/openssl/files/patch-apps-dgst.c b/security/openssl/files/patch-apps-dgst.c
deleted file mode 100644
index 2ada86741428..000000000000
--- a/security/openssl/files/patch-apps-dgst.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- apps/dgst.c.orig	Thu Aug  5 20:10:46 2004
-+++ apps/dgst.c	Tue Oct 26 07:02:30 2004
-@@ -363,7 +363,7 @@
- 				{
- 				size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
- 				tmp=tofree=OPENSSL_malloc(len);
--				BIO_snprintf(tmp,len,"%s%s(%s)= ",
-+				BIO_snprintf(tmp,len,"%s%s(%s) = ",
- 							 hmac_key ? "HMAC-" : "",name,argv[i]);
- 				}
- 			else
diff --git a/security/openssl/files/patch-config b/security/openssl/files/patch-config
deleted file mode 100644
index 973057062f62..000000000000
--- a/security/openssl/files/patch-config
+++ /dev/null
@@ -1,28 +0,0 @@
---- config.orig	Thu Mar 20 12:44:31 2003
-+++ config	Sun Jul  6 04:39:01 2003
-@@ -392,7 +392,7 @@
- # we fallback to whatever cc does on the system
- GCCVER=`(gcc -dumpversion) 2>/dev/null`
- if [ "$GCCVER" != "" ]; then
--  CC=gcc
-+  CC=${CC:-gcc}
-   # then strip off whatever prefix egcs prepends the number with...
-   # Hopefully, this will work for any future prefixes as well.
-   GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
-@@ -402,7 +402,7 @@
-   # peak single digit before and after first dot, e.g. 2.95.1 gives 29
-   GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
- else
--  CC=cc
-+  CC=${CC:-cc}
- fi
- GCCVER=${GCCVER:-0}
- if [ "$SYSTEM" = "HP-UX" ];then
-@@ -642,6 +642,7 @@
-   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
-   sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
-   ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
-+  amd64-*-freebsd*) OUT="FreeBSD-amd64" ;;
-   *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
-   *-freebsd[1-2]*) OUT="FreeBSD" ;;
-   *86*-*-netbsd) OUT="NetBSD-x86" ;;
diff --git a/security/openssl/files/patch-doc-crypto-des_modes.pod b/security/openssl/files/patch-doc-crypto-des_modes.pod
deleted file mode 100644
index 3584dda10a12..000000000000
--- a/security/openssl/files/patch-doc-crypto-des_modes.pod
+++ /dev/null
@@ -1,11 +0,0 @@
---- doc/crypto/des_modes.pod.orig	Tue Mar  5 16:30:13 2002
-+++ doc/crypto/des_modes.pod	Tue Sep 30 18:58:27 2003
-@@ -2,7 +2,7 @@
- 
- =head1 NAME
- 
--Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
-+Modes_of_DES - the variants of DES and other crypto algorithms of OpenSSL
- 
- =head1 DESCRIPTION
- 
diff --git a/security/openssl/files/patch-enc_min.c b/security/openssl/files/patch-enc_min.c
new file mode 100644
index 000000000000..7d4af5ac3de9
--- /dev/null
+++ b/security/openssl/files/patch-enc_min.c
@@ -0,0 +1,11 @@
+--- crypto/evp/enc_min.c.orig	2008-12-02 19:14:44.000000000 +0100
++++ crypto/evp/enc_min.c	2009-01-09 18:20:35.000000000 +0100
+@@ -199,7 +199,7 @@
+ 			enc = 1;
+ 		ctx->encrypt = enc;
+ 		}
+-#ifdef OPENSSL_NO_FIPS
++#ifndef OPENSSL_NO_FIPS
+ 	if(FIPS_selftest_failed())
+ 		{
+ 		FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
diff --git a/security/openssl/files-beta/hw_cryptodev.c.patch-aes_256 b/security/openssl/files/patch-eng_cryptodev.c
index e4efffa21530..89339f988bf4 100644
--- a/security/openssl/files-beta/hw_cryptodev.c.patch-aes_256
+++ b/security/openssl/files/patch-eng_cryptodev.c
@@ -1,11 +1,15 @@
-===================================================================
-RCS file: crypto/engine/hw_cryptodev.c,v
-retrieving revision 1.17
-retrieving revision 1.18
-diff -u -p -r1.17 -r1.18
---- crypto/engine/hw_cryptodev.c	2003/06/03 15:57:44	1.17
-+++ crypto/engine/hw_cryptodev.c	2003/08/07 16:27:47	1.18
-@@ -68,14 +68,19 @@ struct dev_crypto_state {
+--- crypto/engine/eng_cryptodev.c.orig	2004-06-15 13:45:42.000000000 +0200
++++ crypto/engine/eng_cryptodev.c	2009-01-09 19:14:28.000000000 +0100
+@@ -32,7 +32,7 @@
+ #include <openssl/bn.h>
+ 
+ #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+-	(defined(OpenBSD) || defined(__FreeBSD_version))
++	(defined(OpenBSD) || defined(__FreeBSD__))
+ #include <sys/param.h>
+ # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+ #  define HAVE_CRYPTODEV
+@@ -70,14 +70,19 @@
  	int d_fd;
  };
  
@@ -28,7 +32,7 @@ diff -u -p -r1.17 -r1.18
  static int get_cryptodev_ciphers(const int **cnids);
  static int get_cryptodev_digests(const int **cnids);
  static int cryptodev_usable_ciphers(const int **nids);
-@@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_d
+@@ -124,15 +129,12 @@
  	{ 0, NULL, NULL, 0 }
  };
  
@@ -47,7 +51,18 @@ diff -u -p -r1.17 -r1.18
  	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
  	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
  	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-@@ -200,48 +202,16 @@ get_asym_dev_crypto(void)
+@@ -182,6 +184,10 @@
+ 		return (-1);
+ 	if (ioctl(fd, CRIOGET, &retfd) == -1)
+ 		return (-1);
++	if (retfd == -1)
++		retfd = fd;
++	else
++		close(fd);
+ 
+ 	/* close on exec */
+ 	if (fcntl(retfd, F_SETFD, 1) == -1) {
+@@ -202,48 +208,16 @@
  	return fd;
  }
  
@@ -101,7 +116,7 @@ diff -u -p -r1.17 -r1.18
  }
  
  /*
-@@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids)
+@@ -266,15 +240,15 @@
  	memset(&sess, 0, sizeof(sess));
  	sess.key = (caddr_t)"123456781234567812345678";
  
@@ -122,7 +137,7 @@ diff -u -p -r1.17 -r1.18
  	}
  	close(fd);
  
-@@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, 
+@@ -427,15 +401,15 @@
  {
  	struct dev_crypto_state *state = ctx->cipher_data;
  	struct session_op *sess = &state->d_sess;
@@ -142,7 +157,7 @@ diff -u -p -r1.17 -r1.18
  		return (0);
  
  	memset(sess, 0, sizeof(struct session_op));
-@@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, 
+@@ -445,7 +419,7 @@
  
  	sess->key = (unsigned char *)key;
  	sess->keylen = ctx->key_len;
@@ -151,7 +166,7 @@ diff -u -p -r1.17 -r1.18
  
  	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
  		close(state->d_fd);
-@@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
+@@ -550,7 +524,7 @@
  	NULL
  };
  
@@ -160,7 +175,7 @@ diff -u -p -r1.17 -r1.18
  	NID_aes_128_cbc,
  	16, 16, 16,
  	EVP_CIPH_CBC_MODE,
-@@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
+@@ -563,6 +537,32 @@
  	NULL
  };
  
@@ -193,7 +208,7 @@ diff -u -p -r1.17 -r1.18
  /*
   * Registered by the ENGINE when used to find out how to deal with
   * a particular NID in the ENGINE. this says what we'll do at the
-@@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, cons
+@@ -589,7 +589,13 @@
  		*cipher = &cryptodev_cast_cbc;
  		break;
  	case NID_aes_128_cbc:
diff --git a/security/openssl/files/patch-hw_cryptodev.c b/security/openssl/files/patch-hw_cryptodev.c
deleted file mode 100644
index 786fbfda315b..000000000000
--- a/security/openssl/files/patch-hw_cryptodev.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- crypto/engine/hw_cryptodev.c.orig	Thu Jan 23 09:10:07 2003
-+++ crypto/engine/hw_cryptodev.c	Mon Aug  4 05:39:28 2003
-@@ -35,7 +35,7 @@
- 
- #if (defined(__unix__) || defined(unix)) && !defined(USG)
- #include <sys/param.h>
--# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
-+# if (OpenBSD >= 200112) || ((__FreeBSD_version > 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
- # define HAVE_CRYPTODEV
- # endif
- # if (OpenBSD >= 200110)
diff --git a/security/openssl/files/patch-hw_cryptodev.c-aes_256 b/security/openssl/files/patch-hw_cryptodev.c-aes_256
deleted file mode 100644
index e4efffa21530..000000000000
--- a/security/openssl/files/patch-hw_cryptodev.c-aes_256
+++ /dev/null
@@ -1,210 +0,0 @@
-===================================================================
-RCS file: crypto/engine/hw_cryptodev.c,v
-retrieving revision 1.17
-retrieving revision 1.18
-diff -u -p -r1.17 -r1.18
---- crypto/engine/hw_cryptodev.c	2003/06/03 15:57:44	1.17
-+++ crypto/engine/hw_cryptodev.c	2003/08/07 16:27:47	1.18
-@@ -68,14 +68,19 @@ struct dev_crypto_state {
- 	int d_fd;
- };
- 
-+struct dev_crypto_cipher {
-+	int	c_id;
-+	int	c_nid;
-+	int	c_ivmax;
-+	int	c_keylen;
-+};
-+
- static u_int32_t cryptodev_asymfeat = 0;
- 
- static int get_asym_dev_crypto(void);
- static int open_dev_crypto(void);
- static int get_dev_crypto(void);
--static int cryptodev_max_iv(int cipher);
--static int cryptodev_key_length_valid(int cipher, int len);
--static int cipher_nid_to_cryptodev(int nid);
-+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
- static int get_cryptodev_ciphers(const int **cnids);
- static int get_cryptodev_digests(const int **cnids);
- static int cryptodev_usable_ciphers(const int **nids);
-@@ -122,15 +127,12 @@ static const ENGINE_CMD_DEFN cryptodev_d
- 	{ 0, NULL, NULL, 0 }
- };
- 
--static struct {
--	int	id;
--	int	nid;
--	int	ivmax;
--	int	keylen;
--} ciphers[] = {
-+static struct dev_crypto_cipher ciphers[] = {
- 	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
- 	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
- 	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
-+	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
-+	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
- 	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
- 	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
- 	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-@@ -200,48 +202,16 @@ get_asym_dev_crypto(void)
- 	return fd;
- }
- 
--/*
-- * XXXX this needs to be set for each alg - and determined from
-- * a running card.
-- */
--static int
--cryptodev_max_iv(int cipher)
--{
--	int i;
--
--	for (i = 0; ciphers[i].id; i++)
--		if (ciphers[i].id == cipher)
--			return (ciphers[i].ivmax);
--	return (0);
--}
--
--/*
-- * XXXX this needs to be set for each alg - and determined from
-- * a running card. For now, fake it out - but most of these
-- * for real devices should return 1 for the supported key
-- * sizes the device can handle.
-- */
--static int
--cryptodev_key_length_valid(int cipher, int len)
--{
--	int i;
--
--	for (i = 0; ciphers[i].id; i++)
--		if (ciphers[i].id == cipher)
--			return (ciphers[i].keylen == len);
--	return (0);
--}
--
- /* convert libcrypto nids to cryptodev */
--static int
-+static struct dev_crypto_cipher *
- cipher_nid_to_cryptodev(int nid)
- {
- 	int i;
- 
--	for (i = 0; ciphers[i].id; i++)
--		if (ciphers[i].nid == nid)
--			return (ciphers[i].id);
--	return (0);
-+	for (i = 0; ciphers[i].c_id; i++)
-+		if (ciphers[i].c_nid == nid)
-+			return (&ciphers[i]);
-+	return (NULL);
- }
- 
- /*
-@@ -264,15 +234,15 @@ get_cryptodev_ciphers(const int **cnids)
- 	memset(&sess, 0, sizeof(sess));
- 	sess.key = (caddr_t)"123456781234567812345678";
- 
--	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
--		if (ciphers[i].nid == NID_undef)
-+	for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
-+		if (ciphers[i].c_nid == NID_undef)
- 			continue;
--		sess.cipher = ciphers[i].id;
--		sess.keylen = ciphers[i].keylen;
-+		sess.cipher = ciphers[i].c_id;
-+		sess.keylen = ciphers[i].c_keylen;
- 		sess.mac = 0;
- 		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- 		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
--			nids[count++] = ciphers[i].nid;
-+			nids[count++] = ciphers[i].c_nid;
- 	}
- 	close(fd);
- 
-@@ -425,15 +395,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, 
- {
- 	struct dev_crypto_state *state = ctx->cipher_data;
- 	struct session_op *sess = &state->d_sess;
--	int cipher;
-+	struct dev_crypto_cipher *cipher;
- 
--	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
-+	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
- 		return (0);
- 
--	if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
-+	if (ctx->cipher->iv_len > cipher->c_ivmax)
- 		return (0);
- 
--	if (!cryptodev_key_length_valid(cipher, ctx->key_len))
-+	if (ctx->key_len != cipher->c_keylen)
- 		return (0);
- 
- 	memset(sess, 0, sizeof(struct session_op));
-@@ -443,7 +413,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, 
- 
- 	sess->key = (unsigned char *)key;
- 	sess->keylen = ctx->key_len;
--	sess->cipher = cipher;
-+	sess->cipher = cipher->c_id;
- 
- 	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
- 		close(state->d_fd);
-@@ -548,7 +518,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
- 	NULL
- };
- 
--const EVP_CIPHER cryptodev_aes_cbc = {
-+const EVP_CIPHER cryptodev_aes_128_cbc = {
- 	NID_aes_128_cbc,
- 	16, 16, 16,
- 	EVP_CIPH_CBC_MODE,
-@@ -561,6 +531,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
- 	NULL
- };
- 
-+const EVP_CIPHER cryptodev_aes_192_cbc = {
-+	NID_aes_192_cbc,
-+	16, 24, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
-+};
-+
-+const EVP_CIPHER cryptodev_aes_256_cbc = {
-+	NID_aes_256_cbc,
-+	16, 32, 16,
-+	EVP_CIPH_CBC_MODE,
-+	cryptodev_init_key,
-+	cryptodev_cipher,
-+	cryptodev_cleanup,
-+	sizeof(struct dev_crypto_state),
-+	EVP_CIPHER_set_asn1_iv,
-+	EVP_CIPHER_get_asn1_iv,
-+	NULL
-+};
-+
- /*
-  * Registered by the ENGINE when used to find out how to deal with
-  * a particular NID in the ENGINE. this says what we'll do at the
-@@ -587,7 +583,13 @@ cryptodev_engine_ciphers(ENGINE *e, cons
- 		*cipher = &cryptodev_cast_cbc;
- 		break;
- 	case NID_aes_128_cbc:
--		*cipher = &cryptodev_aes_cbc;
-+		*cipher = &cryptodev_aes_128_cbc;
-+		break;
-+	case NID_aes_192_cbc:
-+		*cipher = &cryptodev_aes_192_cbc;
-+		break;
-+	case NID_aes_256_cbc:
-+		*cipher = &cryptodev_aes_256_cbc;
- 		break;
- 	default:
- 		*cipher = NULL;
diff --git a/security/openssl/files/patch-hw_cryptodev.c-cloning b/security/openssl/files/patch-hw_cryptodev.c-cloning
deleted file mode 100644
index 82c159a32528..000000000000
--- a/security/openssl/files/patch-hw_cryptodev.c-cloning
+++ /dev/null
@@ -1,37 +0,0 @@
-Index: crypto/engine/hw_cryptodev.c
-===================================================================
-RCS file: /home/ncvs/src/crypto/openssl/crypto/engine/hw_cryptodev.c,v
-retrieving revision 1.1.1.3
-diff -u -r1.1.1.3 hw_cryptodev.c
---- crypto/engine/hw_cryptodev.c	17 Mar 2004 15:44:46 -0000	1.1.1.3
-+++ crypto/engine/hw_cryptodev.c	18 Jan 2005 12:27:17 -0000
-@@ -180,6 +180,10 @@
- 		return (-1);
- 	if (ioctl(fd, CRIOGET, &retfd) == -1)
- 		return (-1);
-+	if (retfd == -1)
-+		retfd = fd;
-+	else
-+		close(fd);
- 
- 	/* close on exec */
- 	if (fcntl(retfd, F_SETFD, 1) == -1) {
-Index: crypto/evp/openbsd_hw.c
-===================================================================
-RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/openbsd_hw.c,v
-retrieving revision 1.1.1.1
-diff -u -r1.1.1.1 openbsd_hw.c
---- crypto/evp/openbsd_hw.c	28 Jan 2003 21:24:39 -0000	1.1.1.1
-+++ crypto/evp/openbsd_hw.c	18 Jan 2005 12:26:45 -0000
-@@ -109,7 +109,10 @@
- 	    dev_failed=1;
- 	    return 0;
- 	    }
--	close(cryptodev_fd);
-+	if (fd == -1)
-+		fd = cryptodev_fd;
-+	else
-+		close(cryptodev_fd);
- 	}
-     assert(ses);
-     memset(ses,'\0',sizeof *ses);
diff --git a/security/openssl/files/patch-openbsd_hw.c b/security/openssl/files/patch-openbsd_hw.c
new file mode 100644
index 000000000000..d10c78013976
--- /dev/null
+++ b/security/openssl/files/patch-openbsd_hw.c
@@ -0,0 +1,19 @@
+Index: crypto/evp/openbsd_hw.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/openbsd_hw.c,v
+retrieving revision 1.1.1.1
+diff -u -r1.1.1.1 openbsd_hw.c
+--- crypto/evp/openbsd_hw.c	28 Jan 2003 21:24:39 -0000	1.1.1.1
++++ crypto/evp/openbsd_hw.c	18 Jan 2005 12:26:45 -0000
+@@ -109,7 +109,10 @@
+ 	    dev_failed=1;
+ 	    return 0;
+ 	    }
+-	close(cryptodev_fd);
++	if (fd == -1)
++		fd = cryptodev_fd;
++	else
++		close(cryptodev_fd);
+ 	}
+     assert(ses);
+     memset(ses,'\0',sizeof *ses);
diff --git a/security/openssl/files/patch-ssl-ssl_lib.c b/security/openssl/files/patch-ssl-ssl_lib.c
deleted file mode 100644
index 826d1c0e9af2..000000000000
--- a/security/openssl/files/patch-ssl-ssl_lib.c
+++ /dev/null
@@ -1,42 +0,0 @@
---- ssl/ssl_lib.c	2006/09/28 11:53:51	1.110.2.19
-+++ ssl/ssl_lib.c	2007/10/04 08:01:21	1.110.2.20
-@@ -1169,7 +1169,6 @@
- char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
- 	{
- 	char *p;
--	const char *cp;
- 	STACK_OF(SSL_CIPHER) *sk;
- 	SSL_CIPHER *c;
- 	int i;
-@@ -1182,20 +1181,21 @@
- 	sk=s->session->ciphers;
- 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- 		{
--		/* Decrement for either the ':' or a '\0' */
--		len--;
-+		int n;
-+
- 		c=sk_SSL_CIPHER_value(sk,i);
--		for (cp=c->name; *cp; )
-+		n=strlen(c->name);
-+		if (n+1 > len)
- 			{
--			if (len-- <= 0)
--				{
--				*p='\0';
--				return(buf);
--				}
--			else
--				*(p++)= *(cp++);
-+			if (p != buf)
-+				--p;
-+			*p='\0';
-+			return buf;
- 			}
-+		strcpy(p,c->name);
-+		p+=n;
- 		*(p++)=':';
-+		len-=n+1;
- 		}
- 	p[-1]='\0';
- 	return(buf);
author	Dirk Meyer <dinoex@FreeBSD.org>	2009-01-09 18:49:06 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2009-01-09 18:49:06 +0000
commit	4c5fb218aa42e3f9d65ac47e21ec08b5fa318364 (patch)
tree	d1d63d8a89bb692fc4467b6daeffdb1f66240bf0 /security/openssl
parent	67266c99eab43ab6c56b4a71c087e39a2b19285d (diff)
download	ports-4c5fb218aa42e3f9d65ac47e21ec08b5fa318364.tar.gz ports-4c5fb218aa42e3f9d65ac47e21ec08b5fa318364.zip