Fix issue #1 and issue #2.

Enable building with older openssl (at least 0.9.8e).
Add variants of missing functions in older openssl versions.
Allow proper linking with libraries in alternate locations and setting RUNPATH.
Increase hash rounds for nonce generation.

Makefile.in

@@ -147,12 +147,12 @@ COMMON_CPPFLAGS = -I. -I./lzma -I./lzfx -I./lz4 -I./rabin -I./bsdiff -DNODEFAULT
 	-DFILE_OFFSET_BITS=64 -D_REENTRANT -D__USE_SSE_INTRIN__ -D_LZMA_PROB32 \
 	-I./lzp @LIBBSCCPPFLAGS@ -I./crypto/skein -I./utils -I./crypto/sha2 \
 	-I./crypto/scrypt -I./crypto/aes -I./crypto @KEYLEN@ \
-	-I./crypto/keccak -I./transpose $(EXTRA_CPPFLAGS) -pedantic -Wall -Werror -std=gnu99 \
+	-I./crypto/keccak -I./transpose $(EXTRA_CPPFLAGS) -pedantic -Wall -std=gnu99 \
 	-fno-strict-aliasing -Wno-unused-but-set-variable -Wno-enum-compare
 COMMON_VEC_FLAGS = -ftree-vectorize
 COMMON_LOOP_OPTFLAGS = $(VEC_FLAGS) -floop-interchange -floop-block
-LDLIBS = -ldl -L@LIBBZ2_DIR@ -lbz2 -L@LIBZ_DIR@ -lz -lm @LIBBSCLFLAGS@ \
-	-L@OPENSSL_LIBDIR@ -lcrypto -lrt $(EXTRA_LDFLAGS)
+LDLIBS = -ldl -L./buildtmp -Wl,-R@LIBBZ2_DIR@ -lbz2 -L./buildtmp -Wl,-R@LIBZ_DIR@ -lz -lm @LIBBSCLFLAGS@ \
+	-L./buildtmp -Wl,-R@OPENSSL_LIBDIR@ -lcrypto -lrt $(EXTRA_LDFLAGS)
 OBJS = $(MAINOBJS) $(LZMAOBJS) $(PPMDOBJS) $(LZFXOBJS) $(LZ4OBJS) $(CRCOBJS) \
 $(RABINOBJS) $(BSDIFFOBJS) $(LZPOBJS) $(DELTA2OBJS) @LIBBSCWRAPOBJ@ $(SKEINOBJS) \
 $(SKEIN_BLOCK_OBJ) @SHA256ASM_OBJS@ @SHA256_OBJS@ $(KECCAK_OBJS) $(KECCAK_OBJS_ASM) \
@@ -270,6 +270,7 @@ clean:
 	$(RM) $(PROG) $(OBJS) $(BAKFILES)
 	$(RM) test.log
 	$(RM_RF) test/datafiles
+	$(RM_RF) buildtmp
 
 distclean: clean
 	$(RM) Makefile

config

@@ -54,6 +54,9 @@ m64_flag=
 zlib_prefix=
 bzlib_prefix=
 
+rm -rf ./buildtmp
+mkdir ./buildtmp
+
 # Try a simple compilation
 cat << _EOF > tst.c
 #include <stdio.h>
@@ -236,12 +239,14 @@ do
 	then
 		if [ -f "${lib}/libcrypto.so" -o -h "${lib}/libcrypto.so" ]
 		then
-			openssl_libdir=${lib}
+			openssl_libdir="${lib}"
+			(cd ./buildtmp; ln -s ${openssl_libdir}/libcrypto.so)
 			break
 		else
 			if [ -f "${lib}/libcrypto.a" ]
 			then
-				openssl_libdir=${lib}
+				openssl_libdir="${lib}"
+				(cd ./buildtmp; ln -s ${openssl_libdir}/libcrypto.a)
 				break
 			fi
 		fi
@@ -280,6 +285,65 @@ then
 fi
 
 
+# Check for OpenSSL version
+cat << __EOF > tst.c
+#include <stdlib.h>
+#include <openssl/opensslv.h>
+
+int
+main(void)
+{
+	if (OPENSSL_VERSION_NUMBER < 0x0090805fL)
+		exit (1);
+	return (0);
+}
+__EOF
+
+gcc ${m64_flag} -I${openssl_incdir} -L${openssl_libdir} tst.c -o tst
+if [ $? -ne 0 ]
+then
+	echo "Unable to compile OpenSSL test program please check OpenSSL installation."
+	exit 1
+fi
+./tst
+if [ $? -ne 0 ]
+then
+	echo "OpenSSL version too old. At least version 0.9.8e is required.\n"
+	exit 1
+fi
+
+# Check for HMAC_CTX_copy function
+cat << __EOF > tst.c
+#include <stdlib.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+int
+main(void)
+{
+	unsigned char key[16];
+	HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof (HMAC_CTX));
+	HMAC_CTX *ctx1 = (HMAC_CTX *)malloc(sizeof (HMAC_CTX));
+
+	HMAC_CTX_init(ctx);
+	HMAC_Init_ex(ctx, key, 16, EVP_sha256(), NULL);
+	HMAC_CTX_copy(ctx1, ctx);
+
+	return (0);
+}
+__EOF
+
+gcc ${m64_flag} -I${openssl_incdir} -L${openssl_libdir} -O0 -g tst.c -o tst -lcrypto >/dev/null 2>&1
+if [ $? -ne 0 ]
+then
+	openssl_incdir="${openssl_incdir} -D__OSSL_OLD__"
+fi
+
+rm -f tst*
+openssl_libdir="${openssl_libdir},--enable-new-dtags"
+
 # Detect other library packages
 for libspec in "libbz2:${bzlib_prefix}" "libz:${zlib_prefix}"
 do
@@ -306,12 +370,14 @@ do
 		then
 			if [ -f "${lib}/${libname}.so" -o -h "${lib}/${libname}.so" ]
 			then
-				eval "${libname}_libdir=${lib}"
+				eval "${libname}_libdir=${lib},--enable-new-dtags"
+				(cd ./buildtmp; ln -s ${lib}/${libname}.so)
 				break
 			else
 				if [ -f "${lib}/${libname}.a" ]
 				then
-					eval "${libname}_libdir=${lib}"
+					eval "${libname}_libdir=${lib},--enable-new-dtags"
+					(cd ./buildtmp; ln -s ${lib}/${libname}.a)
 					break
 				fi
 			fi

crypto/aes/crypto_aes.h

@@ -38,7 +38,7 @@ extern "C" {
 #ifndef KEYLEN
 #define	KEYLEN 16
 #endif
-#define	PBE_ROUNDS 100
+#define	PBE_ROUNDS 1000
 
 typedef struct {
 	uint64_t nonce;

crypto/crypto_utils.c

@@ -73,6 +73,79 @@ extern uint64_t lzma_crc64(const uint8_t *buf, uint64_t size, uint64_t crc);
 extern uint64_t lzma_crc64_8bchk(const uint8_t *buf, uint64_t size,
 	uint64_t crc, uint64_t *cnt);
 
+#ifdef __OSSL_OLD__
+int
+HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+{
+	if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+		return (0);
+	if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+		return (0);
+	if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+		return (0);
+
+	memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+	dctx->key_length = sctx->key_length;
+	dctx->md = sctx->md;
+	return (1);
+}
+
+int
+PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+	const unsigned char *salt, int saltlen, int iter,
+	const EVP_MD *digest,
+	int keylen, unsigned char *out)
+{
+	unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
+	int cplen, j, k, tkeylen, mdlen;
+	unsigned long i = 1;
+	HMAC_CTX hctx;
+
+	mdlen = EVP_MD_size(digest);
+	if (mdlen < 0)
+		return 0;
+
+	HMAC_CTX_init(&hctx);
+	p = out;
+	tkeylen = keylen;
+	if(!pass)
+		passlen = 0;
+	else if(passlen == -1)
+		passlen = strlen(pass);
+	while(tkeylen)
+	{
+		if(tkeylen > mdlen)
+			cplen = mdlen;
+		else
+			cplen = tkeylen;
+		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
+		 * but just in case...
+		 */
+		itmp[0] = (unsigned char)((i >> 24) & 0xff);
+		itmp[1] = (unsigned char)((i >> 16) & 0xff);
+		itmp[2] = (unsigned char)((i >> 8) & 0xff);
+		itmp[3] = (unsigned char)(i & 0xff);
+		HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
+		HMAC_Update(&hctx, salt, saltlen);
+		HMAC_Update(&hctx, itmp, 4);
+		HMAC_Final(&hctx, digtmp, NULL);
+		memcpy(p, digtmp, cplen);
+		for(j = 1; j < iter; j++)
+		{
+			HMAC(digest, pass, passlen,
+			     digtmp, mdlen, digtmp, NULL);
+			for(k = 0; k < cplen; k++)
+				p[k] ^= digtmp[k];
+		}
+		tkeylen-= cplen;
+		i++;
+		p+= cplen;
+	}
+	HMAC_CTX_cleanup(&hctx);
+	return (1);
+}
+#endif
+
 int
 compute_checksum(uchar_t *cksum_buf, int cksum, uchar_t *buf, uint64_t bytes)
 {
@@ -360,14 +433,22 @@ hmac_update(mac_ctx_t *mctx, uchar_t *data, uint64_t len)
 
 	} else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) {
 		if (cksum_provider == PROVIDER_OPENSSL) {
+#ifndef __OSSL_OLD__
 			if (HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len) == 0)
 				return (-1);
+#else
+			HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len);
+#endif
 		} else {
 			opt_HMAC_SHA256_Update((HMAC_SHA256_Context *)(mctx->mac_ctx), data, len);
 		}
 	} else if (cksum == CKSUM_SHA512) {
+#ifndef __OSSL_OLD__
 		if (HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len) == 0)
 			return (-1);
+#else
+		HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len);
+#endif
 
 	} else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) {
 		// Keccak takes data length in bits so we have to scale

main.c

@@ -620,7 +620,7 @@ start_decompress(const char *filename, const char *to_filename)
 	struct wdata w;
 	int compfd = -1, i, p;
 	int uncompfd = -1, err, np, bail;
-	int nprocs, thread = 0, level;
+	int nprocs = 1, thread = 0, level;
 	short version, flags;
 	int64_t chunksize, compressed_chunksize;
 	struct cmp_data **dary, *tdat;