From 7fe566950277075323b28aa1be202a9d7402edc9 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Mon, 27 Apr 2015 21:19:46 +0200
Subject: [PATCH 1/2] openssl: change sse2 optimization to i686.

---
 lfs/openssl | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lfs/openssl b/lfs/openssl
index 9cc1b4b0f..814c1e301 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -33,7 +33,16 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 
 TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
 
+ifneq "$(KCFG)" "-sse2"
 CFLAGS += -DPURIFY
+else
+CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
+CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
+CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
+CFLAGS+= -fomit-frame-pointer -DPURIFY
+CXXFLAGS="${CFLAGS}"
+endif
+
 export RPM_OPT_FLAGS = $(CFLAGS)
 
 CONFIGURE_OPTIONS = \

From f68ae02d39eb10fa949f07b1c4cfc68b224a1ee0 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Mon, 27 Apr 2015 22:15:20 +0200
Subject: [PATCH 2/2] openssl: auto enable padlock engine.

---
 lfs/openssl                                   |  5 +++
 .../openssl-1.0.2a_auto_enable_padlock.patch  | 34 +++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 src/patches/openssl-1.0.2a_auto_enable_padlock.patch

diff --git a/lfs/openssl b/lfs/openssl
index 814c1e301..a1f4fbe73 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -117,6 +117,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
 
+	# Enable Padlock in i586
+ifeq "$(MACHINE)" "i586"
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
+endif
+
 	# Apply our CFLAGS
 	cd $(DIR_APP) && sed -i Configure \
 		-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
diff --git a/src/patches/openssl-1.0.2a_auto_enable_padlock.patch b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
new file mode 100644
index 000000000..b5c0e95a2
--- /dev/null
+++ b/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
@@ -0,0 +1,34 @@
+diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
+--- openssl-1.0.2a.org/crypto/engine/eng_all.c	2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/crypto/engine/eng_all.c	2015-04-27 12:27:05.063569969 +0200
+@@ -120,6 +120,14 @@
+     ENGINE_load_capi();
+ # endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++	ENGINE *e;
++	e = ENGINE_by_id("padlock");
++	if (e != NULL) {
++		ENGINE_add(e);
++		ENGINE_free(e);
++	}
++#endif
+     ENGINE_register_all_complete();
+ }
+ 
+diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
+--- openssl-1.0.2a.org/ssl/ssl_algs.c	2015-03-19 14:30:36.000000000 +0100
++++ openssl-1.0.2a/ssl/ssl_algs.c	2015-04-27 11:04:27.893399695 +0200
+@@ -151,5 +151,12 @@
+ #endif
+     /* initialize cipher/digest methods table */
+     ssl_load_ciphers();
++
++    /* Init available hardware crypto engines */
++    ENGINE_load_builtin_engines();
++    ENGINE_register_all_complete();
++    ENGINE * padlock = ENGINE_by_id("padlock");
++    if (padlock) ENGINE_set_default_ciphers(padlock);
++
+     return (1);
+ }