diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index c39e28510f0..fe732299157 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -1,72 +1,216 @@
 if PACKAGE_libopenssl
 
-config OPENSSL_WITH_EC
+comment "Build Options"
+
+config OPENSSL_OPTIMIZE_SPEED
+	bool
+	prompt "Enable optimization for speed instead of size"
+	select OPENSSL_WITH_ASM
+	help
+		Enabling this option increases code size (around 20%) and
+		performance.  The increase in performance and size depends on the
+		target CPU. EC and AES seem to benefit the most, with EC speed
+		increased by 20%-50% (mipsel & x86).
+		AES-GCM is supposed to be 3x faster on x86. YMMV.
+
+config OPENSSL_WITH_ASM
 	bool
 	default y
-	prompt "Enable elliptic curve support"
+	prompt "Compile with optimized assembly code"
+	depends on !arc
+	help
+		Disabling this option will reduce code size and performance.
+		The increase in performance and size depends on the target
+		CPU and on the algorithms being optimized.  As of 1.1.0i*:
 
-config OPENSSL_WITH_EC2M
-        bool
-        depends on OPENSSL_WITH_EC
-        prompt "Enable ec2m support"
+		Platform  Pkg Inc. Algorithms where assembly is used - ~% Speed Increase
+		aarch64   174K     BN, aes, sha1, sha256, sha512, nist256, poly1305
+		arm       152K     BN, aes, sha1, sha256, sha512, nist256, poly1305
+		i386      183K     BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292%
+		mipsel      1.5K   BN+97%, aes+4%, sha1+94%, sha256+60%
+		mips64	    3.7K   BN, aes, sha1, sha256, sha512, poly1305
+		powerpc    20K     BN, aes, sha1, sha256, sha512, poly1305
+		x86_64    228K     BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228%
 
-config OPENSSL_WITH_SSL3
+		* Only most common algorithms shown. Your mileage may vary.
+		  BN (bignum) performance was measured using RSA sign/verify.
+
+config OPENSSL_WITH_SSE2
 	bool
-	default n
-	prompt "Enable sslv3 support"
+	default y if !TARGET_x86_legacy && !TARGET_x86_geode
+	prompt "Enable use of x86 SSE2 instructions"
+	depends on OPENSSL_WITH_ASM && i386
+	help
+		Use of SSE2 instructions greatly increase performance (up to
+		3x faster) with a minimum (~0.2%, or 23KB) increase in package
+		size, but it will bring no benefit if your hardware does not
+		support them, such as Geode GX and LX.  In this case you may
+		save 23KB by saying yes here.  AMD Geode NX, and Intel
+		Pentium 4 and above support SSE2.
 
 config OPENSSL_WITH_DEPRECATED
 	bool
 	default y
-	prompt "Include deprecated APIs"
+	prompt "Include deprecated APIs (See help for a list of packages that need this)"
+	help
+		Squid currently requires this.
 
 config OPENSSL_NO_DEPRECATED
 	bool
 	default !OPENSSL_WITH_DEPRECATED
 
+config OPENSSL_WITH_ERROR_MESSAGES
+	bool
+	prompt "Include error messages"
+	help
+		This option aids debugging, but increases package size and
+		memory usage.
+
+comment "Protocol Support"
+
 config OPENSSL_WITH_DTLS
 	bool
-	default n
 	prompt "Enable DTLS support"
-
-config OPENSSL_WITH_COMPRESSION
-	bool
-	default n
-	prompt "Enable compression support"
+	help
+		Datagram Transport Layer Security (DTLS) provides TLS-like security
+		for datagram-based (UDP, DCCP, CAPWAP, SCTP & SRTP) applications.
 
 config OPENSSL_WITH_NPN
 	bool
 	default y
 	prompt "Enable NPN support"
-
-config OPENSSL_WITH_PSK
-	bool
-	default y
-	prompt "Enable PSK support"
+	help
+		NPN is a TLS extension, obsoleted and replaced with ALPN,
+		used to negotiate SPDY, and HTTP/2.
 
 config OPENSSL_WITH_SRP
 	bool
 	default y
 	prompt "Enable SRP support"
+	help
+		The Secure Remote Password protocol (SRP) is an augmented
+		password-authenticated key agreement (PAKE) protocol, specifically
+		designed to work around existing patents.
+
+config OPENSSL_WITH_CMS
+	bool
+	default y
+	prompt "Enable CMS (RFC 5652) support"
+	help
+		Cryptographic Message Syntax (CMS) is used to digitally sign,
+		digest, authenticate, or encrypt arbitrary message content.
+
+comment "Algorithm Selection"
+
+config OPENSSL_WITH_EC
+	bool
+	default y
+	prompt "Enable elliptic curve support"
+	help
+		Elliptic-curve cryptography (ECC) is an approach to public-key
+		cryptography based on the algebraic structure of elliptic curves
+		over finite fields. ECC requires smaller keys compared to non-ECC
+		cryptography to provide equivalent security.
+
+config OPENSSL_WITH_EC2M
+	bool
+	depends on OPENSSL_WITH_EC
+	prompt "Enable ec2m support"
+	help
+		This option enables the more efficient, yet less common, binary
+		field elliptic curves.
+
+config OPENSSL_WITH_PSK
+	bool
+	default y
+	prompt "Enable PSK support"
+	help
+		Build support for Pre-Shared Key based cipher suites.
+
+comment "Less commonly used build options"
+
+config OPENSSL_WITH_CAMELLIA
+	bool
+	prompt "Enable Camellia cipher support"
+	help
+		Camellia is a bock cipher with security levels and processing
+		abilities comparable to AES.
+
+config OPENSSL_WITH_IDEA
+	bool
+	prompt "Enable IDEA cipher support"
+	help
+		IDEA is a block cipher with 128-bit keys.
+
+config OPENSSL_WITH_SEED
+	bool
+	prompt "Enable SEED cipher support"
+	help
+		SEED is a block cipher with 128-bit keys broadly used in
+		South Korea, but seldom found elsewhere.
+
+config OPENSSL_WITH_MDC2
+	bool
+	prompt "Enable MDC2 digest support"
+
+config OPENSSL_WITH_WHIRLPOOL
+	bool
+	prompt "Enable Whirlpool digest support"
+
+config OPENSSL_WITH_COMPRESSION
+	bool
+	prompt "Enable compression support"
+	help
+		TLS compression is not recommended, as it is deemed insecure.
+		The CRIME attack exploits this weakness.
+		Even with this option turned on, it is disabled by default, and the
+		application must explicitly turn it on.
+
+config OPENSSL_WITH_RFC3779
+	bool
+	prompt "Enable RFC3779 support (BGP)"
+	help
+		RFC 3779 defines two X.509 v3 certificate extensions.  The first
+		binds a list of IP address blocks, or prefixes, to the subject of a
+		certificate.  The second binds a list of autonomous system
+		identifiers to the subject of a certificate.  These extensions may be
+		used to convey the authorization of the subject to use the IP
+		addresses and autonomous system identifiers contained in the
+		extensions.
+
+comment "Engine/Hardware Support"
+
+config OPENSSL_ENGINE
+	bool "Enable engine support"
+	help
+		This enables alternative cryptography implementations,
+		most commonly for interfacing with external crypto devices,
+		or supporting new/alternative ciphers and digests.
+
+config OPENSSL_ENGINE_CRYPTO
+	bool
+	select OPENSSL_ENGINE
+	select PACKAGE_kmod-cryptodev
+	prompt "Acceleration support through /dev/crypto"
+	help
+		This enables use of hardware acceleration through OpenBSD
+		Cryptodev API (/dev/crypto) interface.
+		You must install kmod-cryptodev (under Kernel modules, Cryptographic
+		API modules) for /dev/crypto to show up and use hardware
+		acceleration; otherwise it falls back to software.
 
 config OPENSSL_ENGINE_DIGEST
 	bool
 	depends on OPENSSL_ENGINE_CRYPTO
-	prompt "Digests acceleration support"
+	prompt "/dev/crypto digest (md5/sha1) acceleration support"
 
-config OPENSSL_HARDWARE_SUPPORT
+config OPENSSL_WITH_GOST
 	bool
-	default n
-	prompt "Enable hardware support"
-
-config OPENSSL_OPTIMIZE_SPEED
-	bool
-	default n
-	prompt "Enable optimization for speed instead of size"
+	prompt "Prepare library for GOST engine"
+	depends on OPENSSL_ENGINE
+	help
+		This option prepares the library to accept engine support
+		for Russian GOST crypto algorithms.
 
 endif
 
-config OPENSSL_ENGINE_CRYPTO
-	bool
-	select OPENSSL_HARDWARE_SUPPORT
-	prompt "Crypto acceleration support" if PACKAGE_libopenssl
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 71c2c9c028f..d9b1de2581e 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -15,7 +15,7 @@ PKG_RELEASE:=2
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=0
-
+PKG_BUILD_DEPENDS:=cryptodev-linux
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
@@ -25,24 +25,35 @@ PKG_SOURCE_URL:= \
 	http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/
 PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684
+ENGINES_DIR=engines
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:openssl:openssl
 PKG_CONFIG_DEPENDS:= \
+	CONFIG_OPENSSL_ENGINE \
 	CONFIG_OPENSSL_ENGINE_CRYPTO \
 	CONFIG_OPENSSL_ENGINE_DIGEST \
+	CONFIG_OPENSSL_NO_DEPRECATED \
+	CONFIG_OPENSSL_OPTIMIZE_SPEED \
+	CONFIG_OPENSSL_WITH_ASM \
+	CONFIG_OPENSSL_WITH_CAMELLIA \
+	CONFIG_OPENSSL_WITH_CMS \
+	CONFIG_OPENSSL_WITH_COMPRESSION \
+	CONFIG_OPENSSL_WITH_DTLS \
 	CONFIG_OPENSSL_WITH_EC \
 	CONFIG_OPENSSL_WITH_EC2M \
-	CONFIG_OPENSSL_WITH_SSL3 \
-	CONFIG_OPENSSL_HARDWARE_SUPPORT \
-	CONFIG_OPENSSL_NO_DEPRECATED \
-	CONFIG_OPENSSL_WITH_DTLS \
-	CONFIG_OPENSSL_WITH_COMPRESSION \
+	CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
+	CONFIG_OPENSSL_WITH_GOST \
+	CONFIG_OPENSSL_WITH_IDEA \
+	CONFIG_OPENSSL_WITH_MDC2 \
 	CONFIG_OPENSSL_WITH_NPN \
 	CONFIG_OPENSSL_WITH_PSK \
+	CONFIG_OPENSSL_WITH_RFC3779 \
+	CONFIG_OPENSSL_WITH_SEED \
 	CONFIG_OPENSSL_WITH_SRP \
-	CONFIG_OPENSSL_OPTIMIZE_SPEED
+	CONFIG_OPENSSL_WITH_SSE2 \
+	CONFIG_OPENSSL_WITH_WHIRLPOOL
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -54,6 +65,8 @@ endif
 define Package/openssl/Default
   TITLE:=Open source SSL toolkit
   URL:=http://www.openssl.org/
+  SECTION:=libs
+  CATEGORY:=Libraries
 endef
 
 define Package/libopenssl/config
@@ -62,16 +75,14 @@ endef
 
 define Package/openssl/Default/description
 The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and Open Source toolkit implementing the Secure
-Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
-as a full-strength general purpose cryptography library.
+commercial-grade, full-featured, and Open Source toolkit implementing the
+Transport Layer Security (TLS) protocol as well as a full-strength
+general-purpose cryptography library.
 endef
 
 define Package/libopenssl
 $(call Package/openssl/Default)
-  SECTION:=libs
   SUBMENU:=SSL
-  CATEGORY:=Libraries
   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
   TITLE+= (libraries)
   ABI_VERSION:=1.0.0
@@ -100,19 +111,35 @@ $(call Package/openssl/Default/description)
 This package contains the OpenSSL command-line utility.
 endef
 
+define Package/libopenssl-gost
+  $(call Package/openssl/Default)
+  SUBMENU:=SSL
+  TITLE:=Russian GOST algorithms engine
+  DEPENDS:=libopenssl +@OPENSSL_WITH_GOST
+endef
 
-OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
- no-whrlpool no-whirlpool no-seed no-jpake
-OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
+define Package/libopenssl-gost/description
+This package adds an engine that enables Russian GOST algorithms.
+To use it, you need to configure the engine in /etc/ssl/openssl.cnf
+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
+The engine_id is "gost"
+endef
 
-ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
-  OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
-  ifdef CONFIG_OPENSSL_ENGINE_DIGEST
-    OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
-  endif
-else
-  OPENSSL_OPTIONS += no-engines
-endif
+define Package/libopenssl-padlock
+  $(call Package/openssl/Default)
+  SUBMENU:=SSL
+  TITLE:=VIA Padlock hardware acceleration engine
+  DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock
+endef
+
+define Package/libopenssl-padlock/description
+This package adds an engine that enables VIA Padlock hardware acceleration.
+To use it, you need to configure it in /etc/ssl/openssl.cnf.
+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
+The engine_id is "padlock"
+endef
+
+OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method
 
 ifndef CONFIG_OPENSSL_WITH_EC
   OPENSSL_OPTIONS += no-ec
@@ -122,20 +149,70 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
   OPENSSL_OPTIONS += no-ec2m
 endif
 
-ifndef CONFIG_OPENSSL_WITH_SSL3
-  OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
+ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
+  OPENSSL_OPTIONS += no-err
 endif
 
-ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
-  OPENSSL_OPTIONS += no-hw
+ifndef CONFIG_OPENSSL_WITH_CAMELLIA
+  OPENSSL_OPTIONS += no-camellia
+endif
+
+ifndef CONFIG_OPENSSL_WITH_IDEA
+  OPENSSL_OPTIONS += no-idea
+endif
+
+ifndef CONFIG_OPENSSL_WITH_SEED
+  OPENSSL_OPTIONS += no-seed
+endif
+
+ifndef CONFIG_OPENSSL_WITH_MDC2
+  OPENSSL_OPTIONS += no-mdc2
+endif
+
+ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
+  OPENSSL_OPTIONS += no-whirlpool
+endif
+
+ifndef CONFIG_OPENSSL_WITH_CMS
+  OPENSSL_OPTIONS += no-cms
+endif
+
+ifdef CONFIG_OPENSSL_WITH_RFC3779
+  OPENSSL_OPTIONS += enable-rfc3779
 endif
 
 ifdef CONFIG_OPENSSL_NO_DEPRECATED
   OPENSSL_OPTIONS += no-deprecated
 endif
 
+ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
+  TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+else
+  OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
+endif
+
+ifdef CONFIG_OPENSSL_ENGINE
+  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
+    OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
+    ifdef CONFIG_OPENSSL_ENGINE_DIGEST
+      OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
+    endif
+  endif
+  ifndef CONFIG_PACKAGE_libopenssl-padlock
+    OPENSSL_OPTIONS += no-hw-padlock
+  endif
+else
+  OPENSSL_OPTIONS += no-engine
+endif
+
+ifndef CONFIG_OPENSSL_WITH_GOST
+  OPENSSL_OPTIONS += no-gost
+endif
+
+# Even with no-dtls and no-dtls1 options, the library keeps the DTLS code,
+# but openssl util gets built without it
 ifndef CONFIG_OPENSSL_WITH_DTLS
-  OPENSSL_OPTIONS += no-dtls
+  OPENSSL_OPTIONS += no-dtls no-dtls1
 endif
 
 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
@@ -156,27 +233,18 @@ ifndef CONFIG_OPENSSL_WITH_SRP
   OPENSSL_OPTIONS += no-srp
 endif
 
-ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
-  TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3
+ifndef CONFIG_OPENSSL_WITH_ASM
+  OPENSSL_OPTIONS += no-asm
 endif
 
-ifeq ($(CONFIG_x86_64),y)
-  OPENSSL_TARGET:=linux-x86_64-openwrt
-  OPENSSL_MAKEFLAGS += LIBDIR=lib
-else
-  OPENSSL_OPTIONS+=no-sse2
-  ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y)
-    OPENSSL_TARGET:=linux-mips-openwrt
-  else ifeq ($(CONFIG_aarch64),y)
-    OPENSSL_TARGET:=linux-aarch64-openwrt
-  else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y)
-    OPENSSL_TARGET:=linux-armv4-openwrt
-  else
-    OPENSSL_TARGET:=linux-generic-openwrt
-    OPENSSL_OPTIONS+=no-perlasm
+ifdef CONFIG_i386
+  ifndef CONFIG_OPENSSL_WITH_SSE2
+    OPENSSL_OPTIONS += no-sse2
   endif
 endif
 
+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
+
 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 
 define Build/Configure
@@ -187,11 +255,10 @@ define Build/Configure
 	(cd $(PKG_BUILD_DIR); \
 		./Configure $(OPENSSL_TARGET) \
 			--prefix=/usr \
+			--libdir=lib \
 			--openssldir=/etc/ssl \
 			$(TARGET_CPPFLAGS) \
-			$(TARGET_LDFLAGS) -ldl \
-			$(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \
-			$(OPENSSL_NO_CIPHERS) \
+			$(TARGET_LDFLAGS) \
 			$(OPENSSL_OPTIONS) \
 	)
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
@@ -202,7 +269,7 @@ define Build/Configure
 		depend
 endef
 
-TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections
+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 TARGET_LDFLAGS += -Wl,--gc-sections
 
 define Build/Compile
@@ -251,20 +318,33 @@ define Build/InstallDev
 endef
 
 define Package/libopenssl/install
+	$(INSTALL_DIR) $(1)/etc/ssl/certs
+	$(INSTALL_DIR) $(1)/etc/ssl/private
+	chmod 0700 $(1)/etc/ssl/private
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
+	$(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 endef
 
 define Package/openssl-util/install
 	$(INSTALL_DIR) $(1)/etc/ssl
 	$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
-	$(INSTALL_DIR) $(1)/etc/ssl/certs
-	$(INSTALL_DIR) $(1)/etc/ssl/private
-	chmod 0700 $(1)/etc/ssl/private
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 endef
 
+define Package/libopenssl-padlock/install
+	$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
+define Package/libopenssl-gost/install
+	$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
 $(eval $(call BuildPackage,libopenssl))
+$(eval $(call BuildPackage,libopenssl-gost))
+$(eval $(call BuildPackage,libopenssl-padlock))
 $(eval $(call BuildPackage,openssl-util))
diff --git a/package/libs/openssl/include/crypto/cryptodev.h b/package/libs/openssl/include/crypto/cryptodev.h
deleted file mode 100644
index 7fb9c7dcdae..00000000000
--- a/package/libs/openssl/include/crypto/cryptodev.h
+++ /dev/null
@@ -1,292 +0,0 @@
-/* This is a source compatible implementation with the original API of
- * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
- * Placed under public domain */
-
-#ifndef L_CRYPTODEV_H
-#define L_CRYPTODEV_H
-
-#include <linux/types.h>
-#ifndef __KERNEL__
-#define __user
-#endif
-
-/* API extensions for linux */
-#define CRYPTO_HMAC_MAX_KEY_LEN		512
-#define CRYPTO_CIPHER_MAX_KEY_LEN	64
-
-/* All the supported algorithms
- */
-enum cryptodev_crypto_op_t {
-	CRYPTO_DES_CBC = 1,
-	CRYPTO_3DES_CBC = 2,
-	CRYPTO_BLF_CBC = 3,
-	CRYPTO_CAST_CBC = 4,
-	CRYPTO_SKIPJACK_CBC = 5,
-	CRYPTO_MD5_HMAC = 6,
-	CRYPTO_SHA1_HMAC = 7,
-	CRYPTO_RIPEMD160_HMAC = 8,
-	CRYPTO_MD5_KPDK = 9,
-	CRYPTO_SHA1_KPDK = 10,
-	CRYPTO_RIJNDAEL128_CBC = 11,
-	CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
-	CRYPTO_ARC4 = 12,
-	CRYPTO_MD5 = 13,
-	CRYPTO_SHA1 = 14,
-	CRYPTO_DEFLATE_COMP = 15,
-	CRYPTO_NULL = 16,
-	CRYPTO_LZS_COMP = 17,
-	CRYPTO_SHA2_256_HMAC = 18,
-	CRYPTO_SHA2_384_HMAC = 19,
-	CRYPTO_SHA2_512_HMAC = 20,
-	CRYPTO_AES_CTR = 21,
-	CRYPTO_AES_XTS = 22,
-	CRYPTO_AES_ECB = 23,
-	CRYPTO_AES_GCM = 50,
-
-	CRYPTO_CAMELLIA_CBC = 101,
-	CRYPTO_RIPEMD160,
-	CRYPTO_SHA2_224,
-	CRYPTO_SHA2_256,
-	CRYPTO_SHA2_384,
-	CRYPTO_SHA2_512,
-	CRYPTO_SHA2_224_HMAC,
-	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
-};
-
-#define	CRYPTO_ALGORITHM_MAX	(CRYPTO_ALGORITHM_ALL - 1)
-
-/* Values for ciphers */
-#define DES_BLOCK_LEN		8
-#define DES3_BLOCK_LEN		8
-#define RIJNDAEL128_BLOCK_LEN	16
-#define AES_BLOCK_LEN		RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN      16
-#define BLOWFISH_BLOCK_LEN	8
-#define SKIPJACK_BLOCK_LEN	8
-#define CAST128_BLOCK_LEN	8
-
-/* the maximum of the above */
-#define EALG_MAX_BLOCK_LEN	16
-
-/* Values for hashes/MAC */
-#define AALG_MAX_RESULT_LEN		64
-
-/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
-#define CRYPTODEV_MAX_ALG_NAME		64
-
-#define HASH_MAX_LEN 64
-
-/* input of CIOCGSESSION */
-struct session_op {
-	/* Specify either cipher or mac
-	 */
-	__u32	cipher;		/* cryptodev_crypto_op_t */
-	__u32	mac;		/* cryptodev_crypto_op_t */
-
-	__u32	keylen;
-	__u8	__user *key;
-	__u32	mackeylen;
-	__u8	__user *mackey;
-
-	__u32	ses;		/* session identifier */
-};
-
-struct session_info_op {
-	__u32 ses;		/* session identifier */
-
-	/* verbose names for the requested ciphers */
-	struct alg_info {
-		char cra_name[CRYPTODEV_MAX_ALG_NAME];
-		char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
-	} cipher_info, hash_info;
-
-	__u16	alignmask;	/* alignment constraints */
-	__u32   flags;          /* SIOP_FLAGS_* */
-};
-
-/* If this flag is set then this algorithm uses
- * a driver only available in kernel (software drivers,
- * or drivers based on instruction sets do not set this flag).
- *
- * If multiple algorithms are involved (as in AEAD case), then
- * if one of them is kernel-driver-only this flag will be set.
- */
-#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
-
-#define	COP_ENCRYPT	0
-#define COP_DECRYPT	1
-
-/* input of CIOCCRYPT */
-struct crypt_op {
-	__u32	ses;		/* session identifier */
-	__u16	op;		/* COP_ENCRYPT or COP_DECRYPT */
-	__u16	flags;		/* see COP_FLAG_* */
-	__u32	len;		/* length of source data */
-	__u8	__user *src;	/* source data */
-	__u8	__user *dst;	/* pointer to output data */
-	/* pointer to output data for hash/MAC operations */
-	__u8	__user *mac;
-	/* initialization vector for encryption operations */
-	__u8	__user *iv;
-};
-
-/* input of CIOCAUTHCRYPT */
-struct crypt_auth_op {
-	__u32	ses;		/* session identifier */
-	__u16	op;		/* COP_ENCRYPT or COP_DECRYPT */
-	__u16	flags;		/* see COP_FLAG_AEAD_* */
-	__u32	len;		/* length of source data */
-	__u32	auth_len;	/* length of auth data */
-	__u8	__user *auth_src;	/* authenticated-only data */
-
-	/* The current implementation is more efficient if data are
-	 * encrypted in-place (src==dst). */
-	__u8	__user *src;	/* data to be encrypted and authenticated */
-	__u8	__user *dst;	/* pointer to output data. Must have
-	                         * space for tag. For TLS this should be at least 
-	                         * len + tag_size + block_size for padding */
-
-	__u8    __user *tag;    /* where the tag will be copied to. TLS mode
-                                 * doesn't use that as tag is copied to dst.
-                                 * SRTP mode copies tag there. */
-	__u32	tag_len;	/* the length of the tag. Use zero for digest size or max tag. */
-
-	/* initialization vector for encryption operations */
-	__u8	__user *iv;
-	__u32   iv_len;
-};
-
-/* In plain AEAD mode the following are required:
- *  flags   : 0
- *  iv      : the initialization vector (12 bytes)
- *  auth_len: the length of the data to be authenticated
- *  auth_src: the data to be authenticated
- *  len     : length of data to be encrypted
- *  src     : the data to be encrypted
- *  dst     : space to hold encrypted data. It must have
- *            at least a size of len + tag_size.
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the maximum tag output.
- *
- * Note tag isn't being used because the Linux AEAD interface
- * copies the tag just after data.
- */
-
-/* In TLS mode (used for CBC ciphers that required padding) 
- * the following are required:
- *  flags   : COP_FLAG_AEAD_TLS_TYPE
- *  iv      : the initialization vector
- *  auth_len: the length of the data to be authenticated only
- *  len     : length of data to be encrypted
- *  auth_src: the data to be authenticated
- *  src     : the data to be encrypted
- *  dst     : space to hold encrypted data (preferably in-place). It must have
- *            at least a size of len + tag_size + blocksize.
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the default mac output.
- *
- * Note that the padding used is the minimum padding.
- */
-
-/* In SRTP mode the following are required:
- *  flags   : COP_FLAG_AEAD_SRTP_TYPE
- *  iv      : the initialization vector
- *  auth_len: the length of the data to be authenticated. This must
- *            include the SRTP header + SRTP payload (data to be encrypted) + rest
- *            
- *  len     : length of data to be encrypted
- *  auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
- *  src     : pointer to the data to be encrypted.
- *  dst     : This is mandatory to be the same as src (in-place only).
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the default mac output.
- *  tag     : Pointer to an address where the authentication tag will be copied.
- */
-
-
-/* struct crypt_op flags */
-
-#define COP_FLAG_NONE		(0 << 0) /* totally no flag */
-#define COP_FLAG_UPDATE		(1 << 0) /* multi-update hash mode */
-#define COP_FLAG_FINAL		(1 << 1) /* multi-update final hash mode */
-#define COP_FLAG_WRITE_IV	(1 << 2) /* update the IV during operation */
-#define COP_FLAG_NO_ZC		(1 << 3) /* do not zero-copy */
-#define COP_FLAG_AEAD_TLS_TYPE  (1 << 4) /* authenticate and encrypt using the 
-                                          * TLS protocol rules */
-#define COP_FLAG_AEAD_SRTP_TYPE  (1 << 5) /* authenticate and encrypt using the 
-                                           * SRTP protocol rules */
-#define COP_FLAG_RESET		(1 << 6) /* multi-update reset the state.
-                                          * should be used in combination
-                                          * with COP_FLAG_UPDATE */
-
-
-/* Stuff for bignum arithmetic and public key
- * cryptography - not supported yet by linux
- * cryptodev.
- */
-
-#define	CRYPTO_ALG_FLAG_SUPPORTED	1
-#define	CRYPTO_ALG_FLAG_RNG_ENABLE	2
-#define	CRYPTO_ALG_FLAG_DSA_SHA		4
-
-struct crparam {
-	__u8	*crp_p;
-	__u32	crp_nbits;
-};
-
-#define CRK_MAXPARAM	8
-
-/* input of CIOCKEY */
-struct crypt_kop {
-	__u32	crk_op;		/* cryptodev_crk_op_t */
-	__u32	crk_status;
-	__u16	crk_iparams;
-	__u16	crk_oparams;
-	__u32	crk_pad1;
-	struct crparam	crk_param[CRK_MAXPARAM];
-};
-
-enum cryptodev_crk_op_t {
-	CRK_MOD_EXP = 0,
-	CRK_MOD_EXP_CRT = 1,
-	CRK_DSA_SIGN = 2,
-	CRK_DSA_VERIFY = 3,
-	CRK_DH_COMPUTE_KEY = 4,
-	CRK_ALGORITHM_ALL
-};
-
-#define CRK_ALGORITHM_MAX	(CRK_ALGORITHM_ALL-1)
-
-/* features to be queried with CIOCASYMFEAT ioctl
- */
-#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
-
-
-/* ioctl's. Compatible with old linux cryptodev.h
- */
-#define CRIOGET         _IOWR('c', 101, __u32)
-#define CIOCGSESSION    _IOWR('c', 102, struct session_op)
-#define CIOCFSESSION    _IOW('c', 103, __u32)
-#define CIOCCRYPT       _IOWR('c', 104, struct crypt_op)
-#define CIOCKEY         _IOWR('c', 105, struct crypt_kop)
-#define CIOCASYMFEAT    _IOR('c', 106, __u32)
-#define CIOCGSESSINFO	_IOWR('c', 107, struct session_info_op)
-
-/* to indicate that CRIOGET is not required in linux
- */
-#define CRIOGET_NOT_NEEDED 1
-
-/* additional ioctls for AEAD */
-#define CIOCAUTHCRYPT   _IOWR('c', 109, struct crypt_auth_op)
-
-/* additional ioctls for asynchronous operation.
- * These are conditionally enabled since version 1.6.
- */
-#define CIOCASYNCCRYPT    _IOW('c', 110, struct crypt_op)
-#define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
-
-#endif /* L_CRYPTODEV_H */
diff --git a/package/libs/openssl/patches/100-openwrt_targets.patch b/package/libs/openssl/patches/100-openwrt_targets.patch
new file mode 100644
index 00000000000..52a51f9f470
--- /dev/null
+++ b/package/libs/openssl/patches/100-openwrt_targets.patch
@@ -0,0 +1,44 @@
+From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 26 Sep 2018 16:21:27 -0300
+Subject: Add openwrt targets
+
+Targets are named: linux-$(CONFIG_ARCH)-openwrt
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
++++ b/Configure
+@@ -470,6 +470,32 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
++# OpenWrt targets
++# from linux-aarch64
++"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-generic32
++"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-armv4
++"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-armv4
++"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-elf
++"linux-i386-openwrt",	"gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-mips32
++"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux64-mips64
++"linux-mips64-openwrt",   "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux64-mips64
++"linux-mips64el-openwrt",   "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux-mips32
++"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-ppc
++"linux-powerpc-openwrt",	"gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-x86_64
++"linux-x86_64-openwrt",	"gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux-generic32
++"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ # Android: linux-* but without pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch
deleted file mode 100644
index d6d4a211110..00000000000
--- a/package/libs/openssl/patches/110-optimize-for-size.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -470,6 +470,13 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- 
-+# OpenWrt targets
-+"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64-openwrt",	"gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/package/libs/openssl/patches/130-perl-path.patch b/package/libs/openssl/patches/110-perl-path.patch
similarity index 100%
rename from package/libs/openssl/patches/130-perl-path.patch
rename to package/libs/openssl/patches/110-perl-path.patch
diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/120-makefile-dirs.patch
similarity index 83%
rename from package/libs/openssl/patches/140-makefile-dirs.patch
rename to package/libs/openssl/patches/120-makefile-dirs.patch
index 83c412f4443..5bcb3164867 100644
--- a/package/libs/openssl/patches/140-makefile-dirs.patch
+++ b/package/libs/openssl/patches/120-makefile-dirs.patch
@@ -5,7 +5,7 @@
  BASEADDR=
  
 -DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl apps
++DIRS=   crypto ssl engines apps
  ENGDIRS= ccgost
  SHLIBDIRS= crypto ssl
  
diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/130-disable_doc_tests.patch
similarity index 100%
rename from package/libs/openssl/patches/160-disable_doc_tests.patch
rename to package/libs/openssl/patches/130-disable_doc_tests.patch
diff --git a/package/libs/openssl/patches/170-bash_path.patch b/package/libs/openssl/patches/140-bash_path.patch
similarity index 100%
rename from package/libs/openssl/patches/170-bash_path.patch
rename to package/libs/openssl/patches/140-bash_path.patch
diff --git a/package/libs/openssl/patches/180-fix_link_segfault.patch b/package/libs/openssl/patches/150-fix_link_segfault.patch
similarity index 100%
rename from package/libs/openssl/patches/180-fix_link_segfault.patch
rename to package/libs/openssl/patches/150-fix_link_segfault.patch
diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch
deleted file mode 100644
index a518a004966..00000000000
--- a/package/libs/openssl/patches/150-no_engines.patch
+++ /dev/null
@@ -1,81 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -2144,6 +2144,11 @@ EOF
- 	close(OUT);
-   }
-   
-+# ugly hack to disable engines
-+if($target eq "mingwx") {
-+	system("sed -e s/^LIB/XLIB/g -i engines/Makefile");
-+}
-+
- print <<EOF;
- 
- Configured for $target.
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -2075,7 +2075,6 @@ PKCS7_ATTR_SIGN_it
- UI_add_error_string                     2633	EXIST::FUNCTION:
- KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
- OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
--ENGINE_load_ubsec                       2636	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
- PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2549,7 +2548,6 @@ OCSP_RESPONSE_new
- AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
- OCSP_resp_count                         3025	EXIST::FUNCTION:
- KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
--ENGINE_load_cswift                      3027	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
- ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
- NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2580,7 +2578,6 @@ ASN1_primitive_free
- i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
- i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
- asn1_enc_save                           3054	EXIST::FUNCTION:
--ENGINE_load_nuron                       3055	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
- PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2604,7 +2601,6 @@ asn1_get_choice_selector
- i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
- ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
- AES_options                             3074	EXIST::FUNCTION:AES
--ENGINE_load_chil                        3075	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OCSP_id_cmp                             3076	EXIST::FUNCTION:
- OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
- OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
-@@ -2671,7 +2667,6 @@ OCSP_CRLID_it
- OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
- OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
--ENGINE_load_atalla                      3130	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2766,8 +2761,6 @@ DES_read_2passwords
- DES_read_password                       3207	EXIST::FUNCTION:DES
- UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
- UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
--ENGINE_load_aep                         3210	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
--ENGINE_load_sureware                    3211	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
- OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
- OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
-@@ -2776,7 +2769,6 @@ OPENSSL_load_builtin_modules
- AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
- AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
- AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
--ENGINE_load_4758cca                     3218	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
- EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
- EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
-@@ -3111,7 +3103,6 @@ EC_GFp_nist_method
- STORE_meth_set_modify_fn                3530	NOEXIST::FUNCTION:
- STORE_method_set_modify_function        3530	NOEXIST::FUNCTION:
- STORE_parse_attrs_next                  3531	NOEXIST::FUNCTION:
--ENGINE_load_padlock                     3532	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- EC_GROUP_set_curve_name                 3533	EXIST::FUNCTION:EC
- X509_CERT_PAIR_it                       3534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_CERT_PAIR_it                       3534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/160-remove_timestamp_check.patch
similarity index 100%
rename from package/libs/openssl/patches/190-remove_timestamp_check.patch
rename to package/libs/openssl/patches/160-remove_timestamp_check.patch
diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/170-parallel_build.patch
similarity index 97%
rename from package/libs/openssl/patches/200-parallel_build.patch
rename to package/libs/openssl/patches/170-parallel_build.patch
index 37134e40303..cbe5d512418 100644
--- a/package/libs/openssl/patches/200-parallel_build.patch
+++ b/package/libs/openssl/patches/170-parallel_build.patch
@@ -92,7 +92,7 @@
  		fi; \
 --- a/crypto/Makefile
 +++ b/crypto/Makefile
-@@ -85,11 +85,11 @@ testapps:
+@@ -87,11 +87,11 @@ testapps:
  	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
  
  subdirs:
@@ -106,7 +106,7 @@
  
  links:
  	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@ links:
+@@ -102,7 +102,7 @@ links:
  # lib: $(LIB): are splitted to avoid end-less loop
  lib:	$(LIB)
  	@touch lib
@@ -115,7 +115,7 @@
  	$(AR) $(LIB) $(LIBOBJ)
  	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
  	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
+@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs
  	fi
  
  libs:
@@ -124,7 +124,7 @@
  
  install:
  	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@ install:
+@@ -122,7 +122,7 @@ install:
  	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
  	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
  	done;
diff --git a/package/libs/openssl/patches/180-strip-cflags-from-binary.patch b/package/libs/openssl/patches/180-strip-cflags-from-binary.patch
new file mode 100644
index 00000000000..e70bd077d51
--- /dev/null
+++ b/package/libs/openssl/patches/180-strip-cflags-from-binary.patch
@@ -0,0 +1,21 @@
+From f17f027c258338994a6167091a398c0cc1588acb Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 26 Sep 2018 18:04:58 -0300
+Subject: Avoid exposing build directories
+
+The CFLAGS contain the build directories, and are shown by calling
+SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -57,7 +57,7 @@ top:
+ all: shared
+ 
+ buildinf.h: ../Makefile
+-	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++	$(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap%  -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h
+ 
+ x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
+ 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@