Update samba and collectd to current versions

Included padlock patches for openssh and openssl not yet included in make

doc/packages-list.txt

@@ -60,6 +60,7 @@
 * clamav-0.93
 * cmake-2.4.8
 * collectd-4.3.0
+* collectd-4.4.0
 * coreutils-5.96
 * cpio-2.6
 * cups-1.3.7
@@ -242,6 +243,7 @@
 * rsync-2.6.9
 * rtorrent-0.7.9
 * samba-3.0.28a
+* samba-3.0.29
 * sane-1.0.19
 * sane-1.0.19-kmod
 * screen-4.0.3

lfs/collectd

@@ -25,7 +25,7 @@
 include Config
 
 PKG_NAME   = collectd
-VER        = 4.3.0
+VER        = 4.4.0
 
 THISAPP    = collectd-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ace292ba502f09379741e79561cf2c89
+$(DL_FILE)_MD5 = 76ec42bf1976c1d4110443d845decca3
 
 install : $(TARGET)
 
@@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var \
 		--disable-{apache,apple_sensors,csv,ipvs,mbmon,memcached,mysql} \
 		--disable-{netlink,nginx,nut,perl,serial,snmp,tape,vserver,wireless,xmms} \
+		--disable-{apple_sensors,csv,ipvs,memcached,mysql,netlink,nginx,nut} \
+		--disable-{perl,serial,sensors,snmp,tape,vserver,wireless,xmms} \
 		--enable-{apcups,battery,cpu{,freq},df,disk,dns,email,entropy,exec,hddtemp} \
 		--enable-{interface,iptbles,irq,load,logfile,memory,multimeter} \
 		--enable-{network,nfs,ntpd,ping,processes,rrdtool,swap,sensors,syslog} \

lfs/openssh

@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ifeq "$(PADLOCK)" "1"
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-4.7p1-padlock.patch
+endif
 	cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
 	cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc/ssh \
 		    --libexecdir=/usr/lib/openssh --with-md5-passwords \

lfs/openssl

@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ifeq "$(PADLOCK)" "1"
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8g-engine-padlock.patch
+endif
 	@rm -rf /etc/ssl
 	cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
 	cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure

lfs/samba

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.0.28a
+VER        = 3.0.29
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       = "cups cyrus-sasl"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 59754cb0c19da6e65c42d0a163c5885a
+$(DL_FILE)_MD5 = ac338e28f159e59a8d25cb1d0895cf8e
 
 install : $(TARGET)
 

src/patches/openssh-4.7p1-padlock.patch

@@ -0,0 +1,141 @@
+diff -urN openssh-4.7p1.orig/ssh-add.c openssh-4.7p1/ssh-add.c
+--- openssh-4.7p1.orig/ssh-add.c	2007-09-06 15:16:42.472974134 +0200
++++ openssh-4.7p1/ssh-add.c	2007-09-06 15:21:26.489159294 +0200
+@@ -42,6 +42,7 @@
+ #include <sys/param.h>
+
+ #include <openssl/evp.h>
++#include <openssl/engine.h>
+
+ #include <fcntl.h>
+ #include <pwd.h>
+@@ -343,7 +344,11 @@
+
+ 	SSLeay_add_all_algorithms();
+
+-	/* At first, get a connection to the authentication agent. */
++      	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	ac = ssh_get_authentication_connection();
+ 	if (ac == NULL) {
+ 		fprintf(stderr,
+diff -urN openssh-4.7p1.orig/ssh-agent.c openssh-4.7p1/ssh-agent.c
+--- openssh-4.7p1.orig/ssh-agent.c	2007-09-06 15:16:42.472974134 +0200
++++ openssh-4.7p1/ssh-agent.c	2007-09-06 15:23:21.495713144 +0200
+@@ -51,6 +51,7 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/md5.h>
++#include <openssl/engine.h>
+
+ #include <errno.h>
+ #include <fcntl.h>
+@@ -1061,6 +1062,11 @@
+
+ 	SSLeay_add_all_algorithms();
+
++      	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	__progname = ssh_get_progname(av[0]);
+ 	init_rng();
+ 	seed_rng();
+diff -urN openssh-4.7p1.orig/ssh.c openssh-4.7p1/ssh.c
+--- openssh-4.7p1.orig/ssh.c	2007-09-06 15:16:42.472974134 +0200
++++ openssh-4.7p1/ssh.c	2007-09-06 15:24:18.498961574 +0200
+@@ -72,6 +72,7 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
++#include <openssl/engine.h>
+
+ #include "xmalloc.h"
+ #include "ssh.h"
+@@ -560,6 +561,11 @@
+ 	SSLeay_add_all_algorithms();
+ 	ERR_load_crypto_strings();
+
++      	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	/* Initialize the command to execute on remote host. */
+ 	buffer_init(&command);
+
+diff -urN openssh-4.7p1.orig/sshd.c openssh-4.7p1/sshd.c
+--- openssh-4.7p1.orig/sshd.c	2007-09-06 15:16:42.472974134 +0200
++++ openssh-4.7p1/sshd.c	2007-09-06 15:25:03.001497629 +0200
+@@ -75,6 +75,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/md5.h>
+ #include <openssl/rand.h>
++#include <openssl/engine.h>
+ #ifdef HAVE_SECUREWARE
+ #include <sys/security.h>
+ #include <prot.h>
+@@ -1376,6 +1377,11 @@
+
+ 	SSLeay_add_all_algorithms();
+
++      	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	/*
+ 	 * Force logging to stderr until we have loaded the private host
+ 	 * key (unless started from inetd)
+diff -urN openssh-4.7p1.orig/ssh-keygen.c openssh-4.7p1/ssh-keygen.c
+--- openssh-4.7p1.orig/ssh-keygen.c	2007-09-06 15:16:42.472974134 +0200
++++ openssh-4.7p1/ssh-keygen.c	2007-09-06 15:25:52.982847129 +0200
+@@ -21,6 +21,7 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
++#include <openssl/engine.h>
+
+ #include <errno.h>
+ #include <fcntl.h>
+@@ -1073,6 +1074,12 @@
+ 	__progname = ssh_get_progname(argv[0]);
+
+ 	SSLeay_add_all_algorithms();
++
++      	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+
+ 	init_rng();
+diff -urN openssh-4.7p1.orig/ssh-keysign.c openssh-4.7p1/ssh-keysign.c
+--- openssh-4.7p1.orig/ssh-keysign.c	2007-09-06 15:16:42.472974134 +0200
++++ openssh-4.7p1/ssh-keysign.c	2007-09-06 15:26:18.971328869 +0200
+@@ -38,6 +38,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/rand.h>
+ #include <openssl/rsa.h>
++#include <openssl/engine.h>
+
+ #include "xmalloc.h"
+ #include "log.h"
+@@ -195,6 +196,12 @@
+ 		fatal("could not open any host key");
+
+ 	SSLeay_add_all_algorithms();
++
++      	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	for (i = 0; i < 256; i++)
+ 		rnd[i] = arc4random();
+ 	RAND_seed(rnd, sizeof(rnd));

src/patches/openssl-0.9.8g-engine-padlock.patch

@@ -0,0 +1,24 @@
+diff -urN openssl-0.9.8g.orig/ssl/ssl_algs.c openssl-0.9.8g/ssl/ssl_algs.c
++++ openssl-0.9.8g/ssl/ssl_algs.c	2007-11-13 19:50:35.356816442 +0100
+--- openssl-0.9.8g.orig/ssl/ssl_algs.c	2007-11-13 19:40:02.820770267 +0100
+@@ -57,6 +57,7 @@
+  */
+
+ #include <stdio.h>
++#include <openssl/engine.h>
+ #include <openssl/objects.h>
+ #include <openssl/lhash.h>
+ #include "ssl_locl.h"
+@@ -127,6 +128,12 @@
+ #endif
+ 	/* initialize cipher/digest methods table */
+ 	ssl_load_ciphers();
++
++	/* Init available hardware crypto engines. */
++	ENGINE_load_builtin_engines();
++	ENGINE_register_all_complete();
++	ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ 	return(1);
+ 	}
+

src/patches/openssl-0.9.8g-sha-padlock.patch

@@ -0,0 +1,620 @@
+diff -urN openssl-0.9.8g.orig/crypto/engine/eng_padlock.c openssl-0.9.8g/crypto/engine/eng_padlock.c
+--- openssl-0.9.8g.orig/crypto/engine/eng_padlock.c	2007-11-13 20:00:28.390611512 +0100
++++ openssl-0.9.8g/crypto/engine/eng_padlock.c	2007-11-13 20:02:52.398818072 +0100
+@@ -74,12 +74,23 @@
+ #ifndef OPENSSL_NO_AES
+ #include <openssl/aes.h>
+ #endif
++#ifndef OPENSSL_NO_SHA
++#include <openssl/sha.h>
++#endif
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+
+ #ifndef OPENSSL_NO_HW
+ #ifndef OPENSSL_NO_HW_PADLOCK
+
++/* PadLock RNG is disabled by default */
++#define	PADLOCK_NO_RNG	1
++
++/* No ASM routines for SHA in MSC yet */
++#ifdef _MSC_VER
++#define OPENSSL_NO_SHA
++#endif
++
+ /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+ #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+ #  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+@@ -135,52 +146,89 @@
+ static int padlock_init(ENGINE *e);
+
+ /* RNG Stuff */
++#ifndef PADLOCK_NO_RNG
+ static RAND_METHOD padlock_rand;
++#endif
+
+ /* Cipher Stuff */
+ #ifndef OPENSSL_NO_AES
+ static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ #endif
+
++/* Digest Stuff */
++#ifndef OPENSSL_NO_SHA
++static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
++#endif
++
+ /* Engine names */
+ static const char *padlock_id = "padlock";
+ static char padlock_name[100];
+
+ /* Available features */
+-static int padlock_use_ace = 0;	/* Advanced Cryptography Engine */
+-static int padlock_use_rng = 0;	/* Random Number Generator */
++enum padlock_flags {
++	PADLOCK_RNG  = 0x01,
++	PADLOCK_ACE  = 0x02,
++	PADLOCK_ACE2 = 0x04,
++	PADLOCK_PHE  = 0x08,
++	PADLOCK_PMM  = 0x10
++};
++enum padlock_flags padlock_flags;
++
++#define PADLOCK_HAVE_RNG  (padlock_flags & PADLOCK_RNG)
++#define PADLOCK_HAVE_ACE  (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2))
++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE)
++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2)
++#define PADLOCK_HAVE_PHE  (padlock_flags & PADLOCK_PHE)
++#define PADLOCK_HAVE_PMM  (padlock_flags & PADLOCK_PMM)
++
+ #ifndef OPENSSL_NO_AES
+ static int padlock_aes_align_required = 1;
+ #endif
+
++/* Init / Max buffer sizes for SHA */
++#define PADLOCK_SHA_INIT_ORD	13	/* = 8192 */
++#define PADLOCK_SHA_MAX_ORD	13	/* = 8192 */
++
+ /* ===== Engine "management" functions ===== */
+
+ /* Prepare the ENGINE structure for registration */
+ static int
+ padlock_bind_helper(ENGINE *e)
+ {
++	char phe_string[20];
++
+ 	/* Check available features */
+ 	padlock_available();
+
+-#if 1	/* disable RNG for now, see commentary in vicinity of RNG code */
+-	padlock_use_rng=0;
+-#endif
++	/* Build PHE info with buffer size argument */
++	if (PADLOCK_HAVE_PHE)
++		BIO_snprintf(phe_string, sizeof(phe_string),
++			     "PHE(%lu) ", 1UL << PADLOCK_SHA_MAX_ORD);
+
+ 	/* Generate a nice engine name with available features */
+ 	BIO_snprintf(padlock_name, sizeof(padlock_name),
+-		"VIA PadLock (%s, %s)",
+-		 padlock_use_rng ? "RNG" : "no-RNG",
+-		 padlock_use_ace ? "ACE" : "no-ACE");
++		"VIA PadLock: %s%s%s%s%s",
++		 padlock_flags ? "" : "not supported",
++		 PADLOCK_HAVE_RNG ? "RNG " : "",
++		 PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "",
++		 PADLOCK_HAVE_PHE ? phe_string : "",
++		 PADLOCK_HAVE_PMM ? "PMM " : "");
+
+ 	/* Register everything or return with an error */
+ 	if (!ENGINE_set_id(e, padlock_id) ||
+ 	    !ENGINE_set_name(e, padlock_name) ||
+
+-	    !ENGINE_set_init_function(e, padlock_init) ||
++	    !ENGINE_set_init_function(e, padlock_init)
+ #ifndef OPENSSL_NO_AES
+-	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
++	    || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
++#endif
++#ifndef OPENSSL_NO_SHA
++	    || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
++#endif
++#ifndef PADLOCK_NO_RNG
++	    || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
+ #endif
+-	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
++	    ) {
+ 		return 0;
+ 	}
+
+@@ -210,7 +258,7 @@
+ static int
+ padlock_init(ENGINE *e)
+ {
+-	return (padlock_use_rng || padlock_use_ace);
++	return (padlock_flags);
+ }
+
+ /* This stuff is needed if this ENGINE is being compiled into a self-contained
+@@ -237,6 +285,17 @@
+
+ /* ===== Here comes the "real" engine ===== */
+
++#ifdef __GNUC__
++#define likely(x)       __builtin_expect(!!(x), 1)
++#define unlikely(x)     __builtin_expect(!!(x), 0)
++#else
++#define likely(x)       (x)
++#define unlikely(x)     (x)
++#endif
++
++/* How to test if we need to typedef uint32_t ??? */
++typedef unsigned long uint32_t;
++
+ #ifndef OPENSSL_NO_AES
+ /* Some AES-related constants */
+ #define AES_BLOCK_SIZE		16
+@@ -362,10 +421,22 @@
+ 		: "+a"(eax), "=d"(edx) : : "ecx");
+
+ 	/* Fill up some flags */
+-	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
+-	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
++	padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0);
++	padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0);
++	padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
++	padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
++	padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
+
+-	return padlock_use_ace + padlock_use_rng;
++	return padlock_flags;
++}
++
++static inline void
++padlock_htonl_block(uint32_t *data, size_t count)
++{
++	while (count--) {
++		asm volatile ("bswapl %0" : "+r"(*data));
++		data++;
++	}
+ }
+
+ #ifndef OPENSSL_NO_AES
+@@ -374,12 +445,9 @@
+ padlock_bswapl(AES_KEY *ks)
+ {
+ 	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
+-	unsigned int *key = ks->rd_key;
++	uint32_t *key = (uint32_t*) ks->rd_key;
+
+-	while (i--) {
+-		asm volatile ("bswapl %0" : "+r"(*key));
+-		key++;
+-	}
++	padlock_htonl_block(key, i);
+ }
+ #endif
+
+@@ -1154,6 +1222,415 @@
+
+ #endif /* OPENSSL_NO_AES */
+
++#ifndef OPENSSL_NO_SHA
++
++// #define PADLOCK_SHA_STAT 1
++
++union sha_all_ctx {
++	SHA_CTX		sha_ctx;
++	SHA256_CTX	sha256_ctx;	/* shared with SHA224 */
++};
++
++typedef int (*f_sha_init)(void *c);
++typedef int (*f_sha_update)(void *c, const void *_data, size_t len);
++typedef int (*f_sha_final)(unsigned char *md, void *c);
++typedef void (*f_sha_padlock)(char *in, unsigned char *out, int count);
++
++struct sha_digest_functions {
++	f_sha_init	init;
++	f_sha_update	update;
++	f_sha_final	final;
++	f_sha_padlock	padlock;
++};
++
++/* Don't forget to initialize all relevant
++ * fields in padlock_sha_init() or face the
++ * consequences!!!
++ * BTW We don't use bzero() on this structure
++ *     because zeroing fallback_ctx is
++ *     a waste of time. */
++struct padlock_digest_data {
++	void		*buf_start, *buf_alloc;
++	ssize_t		used;
++	unsigned long	order:8, bypass:1;
++	/* Fallback support */
++	struct sha_digest_functions	fallback_fcs;
++	union sha_all_ctx		fallback_ctx;
++#ifdef PADLOCK_SHA_STAT
++	size_t		stat_count, stat_total;
++#endif
++};
++
++#ifdef PADLOCK_SHA_STAT
++size_t all_count, all_total;
++#endif
++
++#define DIGEST_DATA(ctx) ((struct padlock_digest_data *)(ctx->md_data))
++#define DDATA_FREE(ddata) ((size_t)(1L << ddata->order) - ddata->used)
++
++static void
++padlock_sha_bypass(struct padlock_digest_data *ddata)
++{
++	if (ddata->bypass)
++		return;
++
++	ddata->fallback_fcs.init(&ddata->fallback_ctx);
++	if (ddata->buf_start && ddata->used > 0) {
++		ddata->fallback_fcs.update(&ddata->fallback_ctx, ddata->buf_start, ddata->used);
++		if (ddata->buf_alloc) {
++			memset(ddata->buf_start, 0, ddata->used);
++			free(ddata->buf_alloc);
++			ddata->buf_alloc = 0;
++		}
++	}
++	ddata->buf_start = 0;
++	ddata->used = 0;
++	ddata->bypass = 1;
++
++	return;
++}
++
++static void
++padlock_do_sha1(char *in, char *out, int count)
++{
++	/* We can't store directly to *out as it
++	 * doesn't have to be aligned. But who cares,
++	 * it's only a few bytes... */
++	char buf[128+16];
++	unsigned char *output = NEAREST_ALIGNED(buf);
++
++	((uint32_t*)output)[0] = 0x67452301;
++	((uint32_t*)output)[1] = 0xEFCDAB89;
++	((uint32_t*)output)[2] = 0x98BADCFE;
++	((uint32_t*)output)[3] = 0x10325476;
++	((uint32_t*)output)[4] = 0xC3D2E1F0;
++
++	asm volatile (".byte 0xf3,0x0f,0xa6,0xc8"	/* rep xsha1 */
++		      : "+S"(in), "+D"(output)
++		      : "c"(count), "a"(0));
++
++	memcpy(out, output, 5 * sizeof(uint32_t));
++
++	padlock_htonl_block((uint32_t*)out, 5);
++}
++
++static void
++padlock_do_sha224(char *in, char *out, int count)
++{
++	/* We can't store directly to *out as it
++	 * doesn't have to be aligned. But who cares,
++	 * it's only a few bytes... */
++	char buf[128+16];
++	unsigned char *output = NEAREST_ALIGNED(buf);
++
++	((uint32_t*)output)[0] = 0xC1059ED8UL;
++	((uint32_t*)output)[1] = 0x367CD507UL;
++	((uint32_t*)output)[2] = 0x3070DD17UL;
++	((uint32_t*)output)[3] = 0xF70E5939UL;
++	((uint32_t*)output)[4] = 0xFFC00B31UL;
++	((uint32_t*)output)[5] = 0x68581511UL;
++	((uint32_t*)output)[6] = 0x64F98FA7UL;
++	((uint32_t*)output)[7] = 0xBEFA4FA4UL;
++
++	asm volatile (".byte 0xf3,0x0f,0xa6,0xd0"	/* rep xsha256 */
++		      : "+S"(in), "+D"(output)
++		      : "c"(count), "a"(0));
++
++	memcpy(out, output, 7 * sizeof(uint32_t));
++
++	padlock_htonl_block((uint32_t*)out, 7);
++}
++
++static void
++padlock_do_sha256(char *in, char *out, int count)
++{
++	/* We can't store directly to *out as it
++	 * doesn't have to be aligned. But who cares,
++	 * it's only a few bytes... */
++	char buf[128+16];
++	unsigned char *output = NEAREST_ALIGNED(buf);
++
++	((uint32_t*)output)[0] = 0x6A09E667;
++	((uint32_t*)output)[1] = 0xBB67AE85;
++	((uint32_t*)output)[2] = 0x3C6EF372;
++	((uint32_t*)output)[3] = 0xA54FF53A;
++	((uint32_t*)output)[4] = 0x510E527F;
++	((uint32_t*)output)[5] = 0x9B05688C;
++	((uint32_t*)output)[6] = 0x1F83D9AB;
++	((uint32_t*)output)[7] = 0x5BE0CD19;
++
++	asm volatile (".byte 0xf3,0x0f,0xa6,0xd0"	/* rep xsha256 */
++		      : "+S"(in), "+D"(output)
++		      : "c"(count), "a"(0));
++
++	memcpy(out, output, 8 * sizeof(uint32_t));
++
++	padlock_htonl_block((uint32_t*)out, 8);
++}
++
++static int
++padlock_sha_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	ddata->used = 0;
++	ddata->bypass = 0;
++
++	ddata->order = PADLOCK_SHA_INIT_ORD;
++	ddata->buf_alloc = malloc((1L << ddata->order) + 16);
++	ddata->buf_start = NEAREST_ALIGNED(ddata->buf_alloc);
++
++	return 1;
++}
++
++static int
++padlock_sha1_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	ddata->fallback_fcs.init = (f_sha_init)SHA1_Init;
++	ddata->fallback_fcs.update = (f_sha_update)SHA1_Update;
++	ddata->fallback_fcs.final = (f_sha_final)SHA1_Final;
++	ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha1;
++
++	return padlock_sha_init(ctx);
++}
++
++static int
++padlock_sha224_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	ddata->fallback_fcs.init = (f_sha_init)SHA224_Init;
++	ddata->fallback_fcs.update = (f_sha_update)SHA224_Update;
++	ddata->fallback_fcs.final = (f_sha_final)SHA224_Final;
++	ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha224;
++
++	return padlock_sha_init(ctx);
++}
++
++static int
++padlock_sha256_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	ddata->fallback_fcs.init = (f_sha_init)SHA256_Init;
++	ddata->fallback_fcs.update = (f_sha_update)SHA256_Update;
++	ddata->fallback_fcs.final = (f_sha_final)SHA256_Final;
++	ddata->fallback_fcs.padlock = (f_sha_padlock)padlock_do_sha256;
++
++	return padlock_sha_init(ctx);
++}
++
++static int
++padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++#ifdef PADLOCK_SHA_STAT
++	ddata->stat_count++;
++	ddata->stat_total += length;
++	all_count++;
++	all_total += length;
++#endif
++	if (unlikely(ddata->bypass)) {
++		ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length);
++		return 1;
++	}
++	if (unlikely(DDATA_FREE(ddata) < length)) {
++		if (likely(ddata->used + length > (1 << PADLOCK_SHA_MAX_ORD))) {
++			/* Too much data to be stored -> bypass to SW SHA */
++			padlock_sha_bypass(ddata);
++			ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length);
++			return 1;
++		} else {
++			/* Resize the alocated buffer */
++			char *new_buf;
++			size_t new_size;
++
++			while ((1<<++ddata->order) < (ddata->used + length));
++			new_size = (1<<ddata->order);
++			if(!(new_buf = realloc(ddata->buf_alloc, new_size + 16))) {
++				/* fallback plan again */
++				padlock_sha_bypass(ddata);
++				ddata->fallback_fcs.update(&ddata->fallback_ctx, data, length);
++				return 1;
++			}
++			ddata->buf_alloc = new_buf;
++			ddata->buf_start = NEAREST_ALIGNED(new_buf);
++		}
++	}
++
++	memcpy(ddata->buf_start + ddata->used, data, length);
++	ddata->used += length;
++
++	return 1;
++}
++
++static int
++padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++#ifdef PADLOCK_SHA_STAT
++	fprintf(stderr, "PadLock CTX: cnt=%zu, tot=%zu, avg=%zu\n",
++		ddata->stat_count, ddata->stat_total,
++		ddata->stat_count ? (ddata->stat_total/ddata->stat_count) : 0);
++	fprintf(stderr, "PadLock ALL: cnt=%zu, tot=%zu, avg=%zu\n",
++		all_count, all_total, all_count ? (all_total/all_count) : 0);
++#endif
++
++	if (ddata->bypass) {
++		ddata->fallback_fcs.final(md, &ddata->fallback_ctx);
++		return 1;
++	}
++
++	/* Pass the input buffer to PadLock microcode... */
++	ddata->fallback_fcs.padlock(ddata->buf_start, md, ddata->used);
++	memset(ddata->buf_start, 0, ddata->used);
++	free(ddata->buf_alloc);
++	ddata->buf_start = 0;
++	ddata->buf_alloc = 0;
++	ddata->used = 0;
++
++	return 1;
++}
++
++static int
++padlock_sha_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
++{
++	struct padlock_digest_data *ddata_from = DIGEST_DATA(from);
++	struct padlock_digest_data *ddata_to = DIGEST_DATA(to);
++
++	memcpy(ddata_to, ddata_from, sizeof(struct padlock_digest_data));
++	if (ddata_from->buf_alloc) {
++		ddata_to->buf_alloc = malloc(1L << ddata_to->order);
++		if (!ddata_to->buf_start) {
++			fprintf(stderr, "%s(): malloc() failed\n", __func__);
++			exit(1);
++		}
++		ddata_to->buf_start = NEAREST_ALIGNED(ddata_to->buf_alloc);
++		memcpy(ddata_to->buf_start, ddata_from->buf_start, ddata_from->used);
++	}
++	return 1;
++}
++
++static int
++padlock_sha_cleanup(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	if (ddata->buf_alloc) {
++		memset(ddata->buf_start, 0, ddata->used);
++		free(ddata->buf_alloc);
++	}
++
++	memset(ddata, 0, sizeof(struct padlock_digest_data));
++
++	return 1;
++}
++
++static const EVP_MD padlock_sha1_md = {
++	NID_sha1,
++	NID_sha1WithRSAEncryption,
++	SHA_DIGEST_LENGTH,
++	0,
++	padlock_sha1_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_RSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static const EVP_MD padlock_sha224_md = {
++	NID_sha224,
++	NID_sha224WithRSAEncryption,
++	SHA224_DIGEST_LENGTH,
++	0,
++	padlock_sha224_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_RSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static const EVP_MD padlock_sha256_md = {
++	NID_sha256,
++	NID_sha256WithRSAEncryption,
++	SHA256_DIGEST_LENGTH,
++	0,
++	padlock_sha256_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_RSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static int padlock_digest_nids[] = {
++#if !defined(OPENSSL_NO_SHA)
++	NID_sha1,
++#endif
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++	NID_sha224,
++#endif
++	NID_sha256,
++#endif
++};
++
++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]);
++
++static int
++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
++{
++	/* No specific digest => return a list of supported nids ... */
++	if (!digest) {
++		*nids = padlock_digest_nids;
++		return padlock_digest_nids_num;
++	}
++
++	/* ... or the requested "digest" otherwise */
++	switch (nid) {
++#if !defined(OPENSSL_NO_SHA)
++	  case NID_sha1:
++	    *digest = &padlock_sha1_md;
++	    break;
++#endif
++
++
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++	  case NID_sha224:
++	    *digest = &padlock_sha224_md;
++	    break;
++#endif	/* OPENSSL_NO_SHA224 */
++
++	  case NID_sha256:
++	    *digest = &padlock_sha256_md;
++	    break;
++#endif	/* OPENSSL_NO_SHA256 */
++
++	  default:
++	    /* Sorry, we don't support this NID */
++	    *digest = NULL;
++	    return 0;
++	}
++
++	return 1;
++}
++
++#endif /* OPENSSL_NO_SHA */
++
++#ifndef PADLOCK_NO_RNG
+ /* ===== Random Number Generator ===== */
+ /*
+  * This code is not engaged. The reason is that it does not comply
+@@ -1209,6 +1686,7 @@
+ 	padlock_rand_bytes,	/* pseudorand */
+ 	padlock_rand_status,	/* rand status */
+ };
++#endif /* PADLOCK_NO_RNG */
+
+ #endif /* COMPILE_HW_PADLOCK */
+