From 2bb158d5192ce9377154a89a2b599b0b0af88866 Mon Sep 17 00:00:00 2001
From: moonman <moonman.ca@gmail.com>
Date: Sun, 28 Mar 2021 01:59:55 -0600
Subject: [PATCH] core/openssl-cryptodev to 1.1.1.k-1

---
 core/openssl-cryptodev/PKGBUILD               | 25 ++++++++++++++++---
 .../openssl-cryptodev.install                 | 12 +++++++++
 2 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 core/openssl-cryptodev/openssl-cryptodev.install

diff --git a/core/openssl-cryptodev/PKGBUILD b/core/openssl-cryptodev/PKGBUILD
index bdfde7efc..c6ccaf77d 100644
--- a/core/openssl-cryptodev/PKGBUILD
+++ b/core/openssl-cryptodev/PKGBUILD
@@ -9,26 +9,27 @@ buildarch=14
 
 pkgname=openssl-cryptodev
 _pkgname=openssl
-_ver=1.1.1j
+_ver=1.1.1k
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 pkgrel=1
-pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with cryptodev support'
 arch=('arm' 'armv7h' 'aarch64')
 url='https://www.openssl.org'
 license=('custom:BSD')
 depends=('glibc')
 makedepends=('perl')
-optdepends=('ca-certificates' 'perl')
+optdepends=('ca-certificates' 'perl' 'cryptodev-dkms')
 backup=('etc/ssl/openssl.cnf')
 conflicts=('openssl')
 provides=("openssl=${pkgver}")
+install=${pkgname}.install
 _cryptodevver=1.12
 
 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"
         'ca-dir.patch'
         "https://github.com/cryptodev-linux/cryptodev-linux/archive/cryptodev-linux-${_cryptodevver}.tar.gz")
-sha256sums=('aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf'
+sha256sums=('892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5'
             '75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2'
             'f51c2254749233b1b1d7ec9445158bd709f124f88e1c650fe2faac83c3a81938')
 
@@ -40,6 +41,22 @@ prepare() {
 
 	# Copy the header file
 	cp -u ${srcdir}/cryptodev-linux-cryptodev-linux-${_cryptodevver}/crypto/cryptodev.h ${srcdir}/openssl-${_ver}/crypto/
+
+	# Modify config file to use cryptodev
+	sed -i "s/HOME\t\t\t= ./HOME\t\t\t= .\n\n# To enable cryptodev, uncomment the line below\n#openssl_conf\t\t= openssl_def/g" \
+		${srcdir}/openssl-${_ver}/apps/openssl.cnf
+        cat << 'EOF' >> ${srcdir}/openssl-${_ver}/apps/openssl.cnf
+
+[openssl_def]
+engines=engine_section
+
+[engine_section]
+devcrypto=devcrypto_section
+
+[devcrypto_section]
+CIPHERS=ALL
+DIGESTS=NONE
+EOF
 }
 
 build() {
diff --git a/core/openssl-cryptodev/openssl-cryptodev.install b/core/openssl-cryptodev/openssl-cryptodev.install
new file mode 100644
index 000000000..47ce104d4
--- /dev/null
+++ b/core/openssl-cryptodev/openssl-cryptodev.install
@@ -0,0 +1,12 @@
+post_install() {
+    echo "________________________________________________________________________________"
+    echo ""
+    echo "          To enable cryptodev edit /etc/ssl/openssl.cnf"
+    echo "          and uncomment the line \"openssl_conf = openssl_def\""
+    echo "          and make sure cryptodev module is loaded."
+    echo " WARNING: openssh's sandboxing feature does not allow using cryptodev,"
+    echo "          so please switch to an alternative, like dropbear, before enabling."
+    echo "          You will lose ssh access if you don't."
+    echo "________________________________________________________________________________"
+    echo ""
+}