- Update to version 1.0.0 beta 3

- Use %global instead of %define
- Automatically generate debuginfo subpackage
- Merged various changes from the native Fedora package (up to
    1.0.0-0.5.beta3)
- Don't use the %{_mingw32_make} macro anymore as it's ugly and causes
    side-effects
NOTE: Right now, this package doesn't provide versioned DLL's as the
    upstream defaults are used and I couldn't find the right spot in the
    build scripts to realize this (openssl's build system is really
    messy..).
This commit is contained in:
epienbro 2009-08-29 16:13:45 +00:00
parent 278c82103b
commit 1deb3708fc
23 changed files with 15807 additions and 68 deletions

View File

@ -1 +1 @@
openssl-0.9.8j-usa.tar.bz2 openssl-1.0.0-beta3-usa.tar.bz2

View File

@ -4,33 +4,32 @@
set -e set -e
# Clean out patent-or-otherwise-encumbered code. # Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 # MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 25/05/2010 # IDEA: 5,214,703 25/05/2010
# RC5: 5,724,428 03/03/2015 # RC5: 5,724,428 03/03/2015
# EC: ????????? ??/??/2015 # EC: ????????? ??/??/2015
# Remove assembler portions of IDEA, MDC2, and RC5. # Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv) (find crypto/{idea,rc5}/asm -type f | xargs -r rm -fv)
# IDEA, MDC2, RC5, EC. # IDEA, MDC2, RC5, EC.
for a in idea mdc2 rc5 ec ecdh ecdsa; do for a in idea rc5 ec ecdh ecdsa; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c echo Destroying $c
> $c > $c
done done
done done
for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_ecdsa.c"`; do
echo Destroying $c echo Destroying $c
> $c > $c
done done
for h in `find crypto ssl apps test -name "*.h"` ; do for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing IDEA, MDC2, RC5, and EC references from $h echo Removing IDEA, RC5, and EC references from $h
cat $h | \ cat $h | \
awk 'BEGIN {ech=1;} \ awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \

View File

@ -0,0 +1,44 @@
--- util/libeay.num.orig 2009-08-29 15:41:45.207820734 +0200
+++ util/libeay.num 2009-08-29 15:48:03.746817062 +0200
@@ -1084,7 +1084,6 @@
PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
RAND_SSLeay 1113 EXIST::FUNCTION:
RAND_set_rand_method 1114 EXIST::FUNCTION:
-RSA_memory_lock 1115 EXIST::FUNCTION:RSA
bn_sub_words 1116 EXIST::FUNCTION:
bn_mul_normal 1117 NOEXIST::FUNCTION:
bn_mul_comba8 1118 NOEXIST::FUNCTION:
@@ -2844,17 +2843,8 @@
X509_check_ca 3286 EXIST::FUNCTION:
private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION:
HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION:
-private_SHA_Init 3289 NOEXIST::FUNCTION:
-private_CAST_set_key 3290 NOEXIST::FUNCTION:
-private_RIPEMD160_Init 3291 NOEXIST::FUNCTION:
private_RC5_32_set_key 3292 NOEXIST::FUNCTION:
-private_MD5_Init 3293 NOEXIST::FUNCTION:
-private_RC4_set_key 3294 NOEXIST::FUNCTION:
private_MDC2_Init 3295 NOEXIST::FUNCTION:
-private_RC2_set_key 3296 NOEXIST::FUNCTION:
-private_MD4_Init 3297 NOEXIST::FUNCTION:
-private_BF_set_key 3298 NOEXIST::FUNCTION:
-private_MD2_Init 3299 NOEXIST::FUNCTION:
d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION:
PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -3318,7 +3308,6 @@
EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION:
STORE_set_ex_data 3722 NOEXIST::FUNCTION:
ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE
-EVP_ecdsa 3724 EXIST::FUNCTION:SHA
BN_BLINDING_get_flags 3725 EXIST::FUNCTION:
PKCS12_add_cert 3726 EXIST::FUNCTION:
STORE_OBJECT_new 3727 NOEXIST::FUNCTION:
@@ -3702,7 +3691,6 @@
FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION:
CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION:
OPENSSL_init 4091 NOEXIST::FUNCTION:
-private_Camellia_set_key 4092 NOEXIST::FUNCTION:
CRYPTO_strdup 4093 EXIST::FUNCTION:
JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE
JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE

View File

@ -0,0 +1,11 @@
--- openssl-1.0.0-beta3/Makefile.shared.orig 2009-08-29 17:02:27.496816550 +0200
+++ openssl-1.0.0-beta3/Makefile.shared 2009-08-29 17:04:54.897820373 +0200
@@ -250,7 +250,7 @@
base=-Wl,--enable-auto-image-base; \
deffile=; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- SHLIB=$(LIBNAME)eay32; base=; \
+ SHLIB=lib$(LIBNAME); base=; \
if test -f $(LIBNAME)eay32.def; then \
deffile=$(LIBNAME)eay32.def; \
fi; \

View File

@ -1,8 +1,9 @@
%define __strip %{_mingw32_strip} %global __strip %{_mingw32_strip}
%define __objdump %{_mingw32_objdump} %global __objdump %{_mingw32_objdump}
%define _use_internal_dependency_generator 0 %global _use_internal_dependency_generator 0
%define __find_requires %{_mingw32_findrequires} %global __find_requires %{_mingw32_findrequires}
%define __find_provides %{_mingw32_findprovides} %global __find_provides %{_mingw32_findprovides}
%define __debug_install_post %{_mingw32_debug_install_post}
# For the curious: # For the curious:
# 0.9.5a soversion = 0 # 0.9.5a soversion = 0
@ -13,21 +14,24 @@
# 0.9.7ef soversion = 5 # 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6 # 0.9.8ab soversion = 6
# 0.9.8g soversion = 7 # 0.9.8g soversion = 7
# 0.9.8j + EAP-FAST soversion = 8 # 0.9.8jk + EAP-FAST soversion = 8
%define soversion 8 # 1.0.0 soversion = 10
%global soversion 10
%global beta beta3
# Enable the tests. # Enable the tests.
# These only work some of the time, but fail randomly at other times # These only work some of the time, but fail randomly at other times
# (although I have had them complete a few times, so I don't think # (although I have had them complete a few times, so I don't think
# there is any actual problem with the binaries). # there is any actual problem with the binaries).
%define run_tests 0 %global run_tests 0
# Number of threads to spawn when testing some threading fixes. # Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1} %global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
Name: mingw32-openssl Name: mingw32-openssl
Version: 0.9.8j Version: 1.0.0
Release: 7%{?dist} Release: 0.1.%{beta}%{?dist}
Summary: MinGW port of the OpenSSL toolkit Summary: MinGW port of the OpenSSL toolkit
License: OpenSSL License: OpenSSL
@ -35,7 +39,7 @@ Group: Development/Libraries
URL: http://www.openssl.org/ URL: http://www.openssl.org/
# Use the hobble-openssl script to create the source file. # Use the hobble-openssl script to create the source file.
Source0: openssl-%{version}-usa.tar.bz2 Source0: openssl-%{version}-%{beta}-usa.tar.bz2
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate
@ -46,38 +50,38 @@ Source10: opensslconf-new-warning.h
# Patches from Fedora native package. # Patches from Fedora native package.
# Build changes # Build changes
Patch0: openssl-0.9.8j-redhat.patch Patch0: openssl-1.0.0-beta3-redhat.patch
Patch1: openssl-0.9.8a-defaults.patch Patch1: openssl-1.0.0-beta3-defaults.patch
Patch2: openssl-0.9.8a-link-krb5.patch Patch2: openssl-1.0.0-beta3-krb5.patch
Patch3: openssl-0.9.8j-soversion.patch Patch3: openssl-1.0.0-beta3-soversion.patch
Patch4: openssl-0.9.8j-enginesdir.patch Patch4: openssl-1.0.0-beta3-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-0.9.8j-shlib-version.patch
# Bug fixes # Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch Patch21: openssl-0.9.8b-aliasing-bug.patch
Patch22: openssl-0.9.8b-x509-name-cmp.patch Patch23: openssl-1.0.0-beta3-default-paths.patch
Patch23: openssl-0.9.8g-default-paths.patch
Patch24: openssl-0.9.8g-no-extssl.patch
# Functionality changes # Functionality changes
Patch32: openssl-0.9.8g-ia64.patch Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-0.9.8j-ca-dir.patch Patch33: openssl-0.9.8j-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch Patch38: openssl-1.0.0-beta3-cipher-change.patch
# Disabled this because it uses getaddrinfo which is lacking on Windows. # Disabled this because it uses getaddrinfo which is lacking on Windows.
#Patch39: openssl-0.9.8g-ipv6-apps.patch #Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
Patch40: openssl-0.9.8j-nocanister.patch Patch40: openssl-1.0.0-beta3-fips.patch
Patch41: openssl-0.9.8j-use-fipscheck.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch
Patch42: openssl-0.9.8j-fipscheck-hmac.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch
Patch43: openssl-0.9.8j-evp-nonfips.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch
Patch44: openssl-0.9.8j-kernel-fipsmode.patch
Patch45: openssl-0.9.8j-env-nozlib.patch Patch45: openssl-0.9.8j-env-nozlib.patch
Patch46: openssl-0.9.8j-eap-fast.patch
Patch47: openssl-0.9.8j-readme-warning.patch Patch47: openssl-0.9.8j-readme-warning.patch
Patch48: openssl-0.9.8j-bad-mime.patch Patch48: openssl-0.9.8j-bad-mime.patch
Patch49: openssl-0.9.8j-fips-no-pairwise.patch Patch49: openssl-0.9.8k-algo-doc.patch
Patch50: openssl-1.0.0-beta3-curl.patch
Patch51: openssl-1.0.0-beta3-const.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch60: openssl-1.0.0-beta3-namingstr.patch
Patch61: openssl-1.0.0-beta3-namingblk.patch
# MinGW-specific patches. # MinGW-specific patches.
Patch100: mingw32-openssl-0.9.8j-header-files.patch Patch100: mingw32-openssl-0.9.8j-header-files.patch
@ -85,12 +89,13 @@ Patch101: mingw32-openssl-0.9.8j-configure.patch
Patch102: mingw32-openssl-0.9.8j-shared.patch Patch102: mingw32-openssl-0.9.8j-shared.patch
Patch103: mingw32-openssl-0.9.8g-global.patch Patch103: mingw32-openssl-0.9.8g-global.patch
Patch104: mingw32-openssl-0.9.8g-sfx.patch Patch104: mingw32-openssl-0.9.8g-sfx.patch
Patch105: mingw32-openssl-1.0.0-beta3-linker-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch BuildArch: noarch
BuildRequires: mingw32-filesystem >= 49 BuildRequires: mingw32-filesystem >= 52
BuildRequires: mingw32-gcc BuildRequires: mingw32-gcc
BuildRequires: mingw32-binutils BuildRequires: mingw32-binutils
@ -139,8 +144,11 @@ Requires: %{name} = %{version}-%{release}
Static version of the MinGW port of the OpenSSL toolkit. Static version of the MinGW port of the OpenSSL toolkit.
%{_mingw32_debug_package}
%prep %prep
%setup -q -n openssl-%{version} %setup -q -n openssl-%{version}-%{beta}
%{SOURCE1} > /dev/null %{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat %patch0 -p1 -b .redhat
@ -151,12 +159,9 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch4 -p1 -b .enginesdir %patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath %patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost %patch6 -p1 -b .use-localhost
%patch7 -p1 -b .shlib-version
%patch21 -p1 -b .aliasing-bug %patch21 -p1 -b .aliasing-bug
%patch22 -p1 -b .name-cmp
%patch23 -p1 -b .default-paths %patch23 -p1 -b .default-paths
%patch24 -p1 -b .no-extssl
%patch32 -p1 -b .ia64 %patch32 -p1 -b .ia64
#patch33 is applied after make test #patch33 is applied after make test
@ -164,22 +169,25 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch35 -p1 -b .version-add-engines %patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change %patch38 -p1 -b .cipher-change
#%patch39 -p1 -b .ipv6-apps #%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .nocanister %patch40 -p1 -b .fips
%patch41 -p1 -b .use-fipscheck %patch41 -p1 -b .fipscheck
%patch42 -p1 -b .fipscheck-hmac %patch43 -p1 -b .fipsmode
%patch43 -p1 -b .evp-nonfips %patch44 -p1 -b .fipsrng
%patch44 -p1 -b .fipsmode
%patch45 -p1 -b .env-nozlib %patch45 -p1 -b .env-nozlib
%patch46 -p1 -b .eap-fast
%patch47 -p1 -b .warning %patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime %patch48 -p1 -b .bad-mime
%patch49 -p1 -b .no-pairwise %patch49 -p1 -b .algo-doc
%patch50 -p1 -b .curl
%patch51 -p1 -b .const
%patch60 -p1 -b .namingstr
%patch61 -p1 -b .namingblk
%patch100 -p1 -b .mingw-header-files #%patch100 -p1 -b .mingw-header-files
%patch101 -p1 -b .mingw-configure #%patch101 -p1 -b .mingw-configure
%patch102 -p1 -b .mingw-shared #%patch102 -p1 -b .mingw-shared
%patch103 -p1 -b .mingw-global #%patch103 -p1 -b .mingw-global
%patch104 -p1 -b .mingw-sfx #%patch104 -p1 -b .mingw-sfx
%patch105 -p0 -b .mingw-linker-fix
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -191,22 +199,22 @@ make TABLE PERL=%{__perl}
%build %build
# NB: 'no-hw' is vital. MinGW cannot build the hardware drivers # NB: 'no-hw' is vital. MinGW cannot build the hardware drivers
# and if you don't have this you'll get an obscure link error. # and if you don't have this you'll get an obscure link error.
%{_mingw32_env}; \ sed -i -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" Configure; \
sed -i -e "s/MINGW32_CC/%{_mingw32_cc}/" -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" -e "s/MINGW32_RANLIB/%{_mingw32_ranlib}/" Configure; \
./Configure \ ./Configure \
--prefix=%{_mingw32_prefix} \ --prefix=%{_mingw32_prefix} \
--openssldir=%{_mingw32_sysconfdir}/pki/tls \ --openssldir=%{_mingw32_sysconfdir}/pki/tls \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa no-hw shared \ enable-cms enable-md2 no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa \
no-hw shared --cross-compile-prefix=%{_mingw32_target}- \
--enginesdir=%{_mingw32_libdir}/openssl/engines \ --enginesdir=%{_mingw32_libdir}/openssl/engines \
mingw mingw
# --with-krb5-flavor=MIT # --with-krb5-flavor=MIT
# -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib} # -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib}
%{_mingw32_make} depend make depend
%{_mingw32_make} all build-shared make all build-shared
# Generate hashes for the included certs. # Generate hashes for the included certs.
%{_mingw32_make} rehash build-shared make rehash build-shared
%if %{run_tests} %if %{run_tests}
#---------------------------------------------------------------------- #----------------------------------------------------------------------
@ -240,7 +248,7 @@ sleep 3
DISPLAY=$display DISPLAY=$display
export DISPLAY export DISPLAY
%{_mingw32_make} LDCMD=%{_mingw32_cc} -C test apps tests make LDCMD=%{_mingw32_cc} -C test apps tests
# Disable this thread test, because we don't have pthread on Windows. # Disable this thread test, because we don't have pthread on Windows.
%{_mingw32_cc} -o openssl-thread-test \ %{_mingw32_cc} -o openssl-thread-test \
@ -289,10 +297,6 @@ make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
# Install the file applink.c (#499934) # Install the file applink.c (#499934)
install -m644 ms/applink.c $RPM_BUILD_ROOT%{_mingw32_includedir}/openssl/applink.c install -m644 ms/applink.c $RPM_BUILD_ROOT%{_mingw32_includedir}/openssl/applink.c
# Install the actual DLLs.
install libcrypto-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
install libssl-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
# I have no idea why it installs the manpages in /etc, but # I have no idea why it installs the manpages in /etc, but
# we remove them anyway. # we remove them anyway.
rm -r $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/man rm -r $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/man
@ -324,8 +328,8 @@ rm -rf $RPM_BUILD_ROOT
%doc LICENSE %doc LICENSE
%{_mingw32_bindir}/openssl.exe %{_mingw32_bindir}/openssl.exe
%{_mingw32_bindir}/c_rehash %{_mingw32_bindir}/c_rehash
%{_mingw32_bindir}/libcrypto-%{soversion}.dll %{_mingw32_bindir}/libeay32.dll
%{_mingw32_bindir}/libssl-%{soversion}.dll %{_mingw32_bindir}/ssleay32.dll
#{_mingw32_bindir}/.libcrypto*.hmac #{_mingw32_bindir}/.libcrypto*.hmac
%{_mingw32_libdir}/libcrypto.dll.a %{_mingw32_libdir}/libcrypto.dll.a
%{_mingw32_libdir}/libssl.dll.a %{_mingw32_libdir}/libssl.dll.a
@ -342,6 +346,13 @@ rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Fri Aug 28 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0-0.1.beta3
- Update to version 1.0.0 beta 3
- Use %%global instead of %%define
- Automatically generate debuginfo subpackage
- Merged various changes from the native Fedora package (up to 1.0.0-0.5.beta3)
- Don't use the %%{_mingw32_make} macro anymore as it's ugly and causes side-effects
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-7 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

View File

@ -0,0 +1,113 @@
diff -up openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod
--- openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc 2004-05-20 23:39:50.000000000 +0200
+++ openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod 2009-06-30 12:04:47.000000000 +0200
@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224,
+EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
EVP digest routines
@@ -51,6 +52,10 @@ EVP digest routines
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_sha224(void);
+ const EVP_MD *EVP_sha256(void);
+ const EVP_MD *EVP_sha384(void);
+ const EVP_MD *EVP_sha512(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
const EVP_MD *EVP_mdc2(void);
@@ -70,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+function. B<type> will typically be supplied by a function such as EVP_sha1().
If B<impl> is NULL then the default implementation of digest B<type> is used.
EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
@@ -127,9 +132,11 @@ with this digest. For example EVP_sha1()
return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
algorithms may not be retained in future versions of OpenSSL.
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
-algorithms respectively. The associated signature algorithm is RSA in each case.
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
+EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160()
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384,
+SHA512, MDC2 and RIPEMD160 digest algorithms respectively. The associated
+signature algorithm is RSA in each case.
EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
algorithms but using DSS (DSA) for the signature algorithm.
@@ -156,7 +163,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
size in bytes.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
corresponding EVP_MD structures.
diff -up openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod
--- openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200
+++ openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod 2009-06-30 12:04:47.000000000 +0200
@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ const EVP_CIPHER *EVP_des_ede3(void);
+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
+ const EVP_CIPHER *EVP_aes_128_ecb(void);
+ const EVP_CIPHER *EVP_aes_128_cbc(void);
+ const EVP_CIPHER *EVP_aes_128_cfb1(void);
+ const EVP_CIPHER *EVP_aes_128_cfb8(void);
+ const EVP_CIPHER *EVP_aes_128_cfb128(void);
+ const EVP_CIPHER *EVP_aes_128_ofb(void);
+ const EVP_CIPHER *EVP_aes_192_ecb(void);
+ const EVP_CIPHER *EVP_aes_192_cbc(void);
+ const EVP_CIPHER *EVP_aes_192_cfb1(void);
+ const EVP_CIPHER *EVP_aes_192_cfb8(void);
+ const EVP_CIPHER *EVP_aes_192_cfb128(void);
+ const EVP_CIPHER *EVP_aes_192_ofb(void);
+ const EVP_CIPHER *EVP_aes_256_ecb(void);
+ const EVP_CIPHER *EVP_aes_256_cbc(void);
+ const EVP_CIPHER *EVP_aes_256_cfb1(void);
+ const EVP_CIPHER *EVP_aes_256_cfb8(void);
+ const EVP_CIPHER *EVP_aes_256_cfb128(void);
+ const EVP_CIPHER *EVP_aes_256_ofb(void);
+
=head1 DESCRIPTION
The EVP cipher routines are a high level interface to certain
@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
DESX algorithm in CBC mode.
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
+
+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
+
+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
+
+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
=item EVP_rc4(void)
RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.

View File

@ -0,0 +1,21 @@
diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h
--- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change 2009-08-05 18:22:45.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-05 18:27:32.000000000 +0200
@@ -511,7 +511,7 @@ typedef struct ssl_session_st
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
@@ -528,7 +528,7 @@ typedef struct ssl_session_st
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL 0x80000FFFL
+#define SSL_OP_ALL 0x80000FF7L
/* DTLS options */
#define SSL_OP_NO_QUERY_MTU 0x00001000L

View File

@ -0,0 +1,36 @@
diff -up openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod
--- openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const 2009-02-14 22:49:37.000000000 +0100
+++ openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod 2009-08-22 16:15:32.000000000 +0200
@@ -11,7 +11,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
- char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
=head1 DESCRIPTION
diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.const openssl-1.0.0-beta3/ssl/ssl_ciph.c
--- openssl-1.0.0-beta3/ssl/ssl_ciph.c.const 2009-08-22 15:56:12.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-08-22 15:56:12.000000000 +0200
@@ -1458,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
return(cipherstack);
}
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
const char *ver,*exp_str;
diff -up openssl-1.0.0-beta3/ssl/ssl.h.const openssl-1.0.0-beta3/ssl/ssl.h
--- openssl-1.0.0-beta3/ssl/ssl.h.const 2009-08-22 15:56:11.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-22 15:56:12.000000000 +0200
@@ -1638,7 +1638,7 @@ long SSL_get_default_timeout(const SSL *
int SSL_library_init(void );
-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
+char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
SSL *SSL_dup(SSL *ssl);

View File

@ -0,0 +1,27 @@
diff -up openssl-1.0.0-beta3/apps/tsget.curl openssl-1.0.0-beta3/apps/tsget
--- openssl-1.0.0-beta3/apps/tsget.curl 2006-02-13 00:11:21.000000000 +0100
+++ openssl-1.0.0-beta3/apps/tsget 2009-08-21 15:37:24.000000000 +0200
@@ -7,7 +7,7 @@ use strict;
use IO::Handle;
use Getopt::Std;
use File::Basename;
-use WWW::Curl::easy;
+use WWW::Curl::Easy;
use vars qw(%options);
@@ -37,7 +37,7 @@ sub create_curl {
my $url = shift;
# Create Curl object.
- my $curl = WWW::Curl::easy::new();
+ my $curl = WWW::Curl::Easy::new();
# Error-handling related options.
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
@@ -192,4 +192,4 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
-WWW::Curl::easy::global_cleanup();
+WWW::Curl::Easy::global_cleanup();

View File

@ -0,0 +1,77 @@
diff -up openssl-1.0.0-beta3/apps/s_client.c.default-paths openssl-1.0.0-beta3/apps/s_client.c
--- openssl-1.0.0-beta3/apps/s_client.c.default-paths 2009-06-30 18:10:24.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 18:17:52.000000000 +0200
@@ -888,12 +888,13 @@ bad:
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx))
{
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
- /* goto end; */
}
#ifndef OPENSSL_NO_TLSEXT
diff -up openssl-1.0.0-beta3/apps/s_server.c.default-paths openssl-1.0.0-beta3/apps/s_server.c
--- openssl-1.0.0-beta3/apps/s_server.c.default-paths 2009-06-30 18:10:24.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 18:18:40.000000000 +0200
@@ -1403,12 +1403,13 @@ bad:
}
#endif
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx))
{
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
ERR_print_errors(bio_err);
- /* goto end; */
}
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
@@ -1457,8 +1458,11 @@ bad:
SSL_CTX_sess_set_cache_size(ctx2,128);
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx2))
{
ERR_print_errors(bio_err);
}
diff -up openssl-1.0.0-beta3/apps/s_time.c.default-paths openssl-1.0.0-beta3/apps/s_time.c
--- openssl-1.0.0-beta3/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_time.c 2009-08-05 18:00:35.000000000 +0200
@@ -373,12 +373,13 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings();
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
{
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
- /* goto end; */
}
if (tm_cipher == NULL)

View File

@ -0,0 +1,44 @@
diff -up openssl-1.0.0-beta3/apps/openssl.cnf.defaults openssl-1.0.0-beta3/apps/openssl.cnf
--- openssl-1.0.0-beta3/apps/openssl.cnf.defaults 2009-04-04 20:09:43.000000000 +0200
+++ openssl-1.0.0-beta3/apps/openssl.cnf 2009-08-04 22:57:16.000000000 +0200
@@ -103,7 +103,8 @@ emailAddress = optional
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
+default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -126,17 +127,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+#stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
+localityName_default = Default City
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (eg, YOUR name)
+commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address

View File

@ -0,0 +1,52 @@
diff -up openssl-1.0.0-beta3/Configure.enginesdir openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.enginesdir 2009-08-10 19:46:32.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-10 19:46:32.000000000 +0200
@@ -616,6 +616,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix="";
my $cross_compile_prefix="";
@@ -820,6 +821,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1037,7 +1042,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1645,7 +1650,7 @@ while (<IN>)
# $foo is to become "$prefix/lib$multilib/engines";
# as Makefile.org and engines/Makefile are adapted for
# $multilib suffix.
- my $foo = "$prefix/lib/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
diff -up openssl-1.0.0-beta3/engines/Makefile.enginesdir openssl-1.0.0-beta3/engines/Makefile
--- openssl-1.0.0-beta3/engines/Makefile.enginesdir 2009-06-14 04:37:22.000000000 +0200
+++ openssl-1.0.0-beta3/engines/Makefile 2009-08-10 19:46:48.000000000 +0200
@@ -123,7 +123,7 @@ install:
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx ); \
done; \
fi

12025
openssl-1.0.0-beta3-fips.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,400 @@
diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips.c
--- openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-10 20:11:59.000000000 +0200
@@ -47,6 +47,7 @@
*
*/
+#define _GNU_SOURCE
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
@@ -56,6 +57,9 @@
#include <openssl/rsa.h>
#include <string.h>
#include <limits.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
@@ -165,6 +169,204 @@ int FIPS_selftest()
&& FIPS_selftest_dsa();
}
+/* we implement what libfipscheck does ourselves */
+
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+
+static const char conv[] = "0123456789abcdef";
+
+static char *
+bin2hex(void *buf, size_t len)
+{
+ char *hex, *p;
+ unsigned char *src = buf;
+
+ hex = malloc(len * 2 + 1);
+ if (hex == NULL)
+ return NULL;
+
+ p = hex;
+
+ while (len > 0) {
+ unsigned c;
+
+ c = *src;
+ src++;
+
+ *p = conv[c >> 4];
+ ++p;
+ *p = conv[c & 0x0f];
+ ++p;
+ --len;
+ }
+ *p = '\0';
+ return hex;
+}
+
+#define HMAC_PREFIX "."
+#define HMAC_SUFFIX ".hmac"
+#define READ_BUFFER_LENGTH 16384
+
+static char *
+make_hmac_path(const char *origpath)
+{
+ char *path, *p;
+ const char *fn;
+
+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
+ if(path == NULL) {
+ return NULL;
+ }
+
+ fn = strrchr(origpath, '/');
+ if (fn == NULL) {
+ fn = origpath;
+ } else {
+ ++fn;
+ }
+
+ strncpy(path, origpath, fn-origpath);
+ p = path + (fn - origpath);
+ p = stpcpy(p, HMAC_PREFIX);
+ p = stpcpy(p, fn);
+ p = stpcpy(p, HMAC_SUFFIX);
+
+ return path;
+}
+
+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+static int
+compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
+{
+ FILE *f = NULL;
+ int rv = -1;
+ unsigned char rbuf[READ_BUFFER_LENGTH];
+ size_t len;
+ unsigned int hlen;
+ HMAC_CTX c;
+
+ HMAC_CTX_init(&c);
+
+ f = fopen(path, "r");
+
+ if (f == NULL) {
+ goto end;
+ }
+
+ HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
+
+ while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
+ HMAC_Update(&c, rbuf, len);
+ }
+
+ len = sizeof(rbuf);
+ /* reuse rbuf for hmac */
+ HMAC_Final(&c, rbuf, &hlen);
+
+ *buf = malloc(hlen);
+ if (*buf == NULL) {
+ goto end;
+ }
+
+ *hmaclen = hlen;
+
+ memcpy(*buf, rbuf, hlen);
+
+ rv = 0;
+end:
+ HMAC_CTX_cleanup(&c);
+
+ if (f)
+ fclose(f);
+
+ return rv;
+}
+
+static int
+FIPSCHECK_verify(const char *libname, const char *symbolname)
+{
+ char path[PATH_MAX+1];
+ int rv;
+ FILE *hf;
+ char *hmacpath, *p;
+ char *hmac = NULL;
+ size_t n;
+
+ rv = get_library_path(libname, symbolname, path, sizeof(path));
+
+ if (rv < 0)
+ return 0;
+
+ hmacpath = make_hmac_path(path);
+
+ hf = fopen(hmacpath, "r");
+ if (hf == NULL) {
+ free(hmacpath);
+ return 0;
+ }
+
+ if (getline(&hmac, &n, hf) > 0) {
+ void *buf;
+ size_t hmaclen;
+ char *hex;
+
+ if ((p=strchr(hmac, '\n')) != NULL)
+ *p = '\0';
+
+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
+ rv = -4;
+ goto end;
+ }
+
+ if ((hex=bin2hex(buf, hmaclen)) == NULL) {
+ free(buf);
+ rv = -5;
+ goto end;
+ }
+
+ if (strcmp(hex, hmac) != 0) {
+ rv = -1;
+ }
+ free(buf);
+ free(hex);
+ }
+
+end:
+ free(hmac);
+ free(hmacpath);
+ fclose(hf);
+
+ if (rv < 0)
+ return 0;
+
+ /* check successful */
+ return 1;
+}
+
int FIPS_mode_set(int onoff)
{
int fips_set_owning_thread();
@@ -201,6 +403,22 @@ int FIPS_mode_set(int onoff)
}
#endif
+ if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
/* Perform RNG KAT before seeding */
if (!FIPS_selftest_rng())
{
diff -up openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
--- openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-08-10 20:11:59.000000000 +0200
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
#ifdef OPENSSL_FIPS
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
const char *key)
{
size_t len=strlen(key);
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
if (len > SHA_CBLOCK)
{
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,key,len);
- SHA1_Final(keymd,md_ctx);
- len=20;
+ SHA256_Init(md_ctx);
+ SHA256_Update(md_ctx,key,len);
+ SHA256_Final(keymd,md_ctx);
+ len=SHA256_DIGEST_LENGTH;
}
else
memcpy(keymd,key,len);
@@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
pad[i]=0x36^keymd[i];
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+ SHA256_Init(md_ctx);
+ SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
pad[i]=0x5c^keymd[i];
- SHA1_Init(o_ctx);
- SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+ SHA256_Init(o_ctx);
+ SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
}
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
{
- unsigned char buf[20];
+ unsigned char buf[SHA256_DIGEST_LENGTH];
- SHA1_Final(buf,md_ctx);
- SHA1_Update(o_ctx,buf,sizeof buf);
- SHA1_Final(md,o_ctx);
+ SHA256_Final(buf,md_ctx);
+ SHA256_Update(o_ctx,buf,sizeof buf);
+ SHA256_Final(md,o_ctx);
}
#endif
@@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
int main(int argc,char **argv)
{
#ifdef OPENSSL_FIPS
- static char key[]="etaonrishdlcupfm";
+ static char key[]="orboDeJITITejsirpADONivirpUkvarP";
int n,binary=0;
if(argc < 2)
@@ -125,8 +125,8 @@ int main(int argc,char **argv)
for(; n < argc ; ++n)
{
FILE *f=fopen(argv[n],"rb");
- SHA_CTX md_ctx,o_ctx;
- unsigned char md[20];
+ SHA256_CTX md_ctx,o_ctx;
+ unsigned char md[SHA256_DIGEST_LENGTH];
int i;
if(!f)
@@ -151,18 +151,18 @@ int main(int argc,char **argv)
else
break;
}
- SHA1_Update(&md_ctx,buf,l);
+ SHA256_Update(&md_ctx,buf,l);
}
hmac_final(md,&md_ctx,&o_ctx);
if (binary)
{
- fwrite(md,20,1,stdout);
+ fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
break; /* ... for single(!) file */
}
- printf("HMAC-SHA1(%s)= ",argv[n]);
- for(i=0 ; i < 20 ; ++i)
+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
+ for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
printf("%02x",md[i]);
printf("\n");
}
diff -up openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck openssl-1.0.0-beta3/crypto/fips/Makefile
--- openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck 2009-08-10 20:11:59.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-08-10 20:27:45.000000000 +0200
@@ -16,6 +16,9 @@ GENERAL=Makefile
TEST=fips_test_suite.c fips_randtest.c
APPS=
+PROGRAM= fips_standalone_sha1
+EXE= $(PROGRAM)$(EXE_EXT)
+
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
fips_rsa_selftest.c fips_sha1_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
@@ -25,6 +28,8 @@ LIBOBJ=fips_aes_selftest.o fips_des_self
fips_rsa_selftest.o fips_sha1_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
fips_rsa_x931g.o
+LIBCRYPTO=-L.. -lcrypto
+
SRC= $(LIBSRC) fips_standalone_sha1.c
EXHEADER= fips.h fips_rand.h
@@ -35,13 +40,15 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-all: lib
+all: lib exe
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
+exe: $(EXE)
+
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -77,5 +84,9 @@ dclean:
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+$(EXE): $(PROGRAM).o
+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
+
# DO NOT DELETE THIS LINE -- make depend depends on it.

View File

@ -0,0 +1,263 @@
diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c
--- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200
@@ -58,9 +58,23 @@
#include "cryptlib.h"
#include "eng_int.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
void ENGINE_load_builtin_engines(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if (FIPS_mode()) {
+ /* We allow loading dynamic engine as a third party
+ engine might be FIPS validated.
+ User is disallowed to load non-validated engines
+ by security policy. */
+ ENGINE_load_dynamic();
+ return;
+ }
+#endif
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c
--- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if(!FIPS_mode())
+ {
+#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
#endif
+#ifdef OPENSSL_FIPS
+ }
+ else
+ {
+#ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_ede_cfb());
+ EVP_add_cipher(EVP_des_ede3_cfb());
+
+ EVP_add_cipher(EVP_des_ede_ofb());
+ EVP_add_cipher(EVP_des_ede3_ofb());
+
+ EVP_add_cipher(EVP_des_ede_cbc());
+ EVP_add_cipher(EVP_des_ede3_cbc());
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+
+ EVP_add_cipher(EVP_des_ede());
+ EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_ecb());
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_128_cfb());
+ EVP_add_cipher(EVP_aes_128_cfb1());
+ EVP_add_cipher(EVP_aes_128_cfb8());
+ EVP_add_cipher(EVP_aes_128_ofb());
+#if 0
+ EVP_add_cipher(EVP_aes_128_ctr());
+#endif
+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
+ EVP_add_cipher(EVP_aes_192_ecb());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_192_cfb());
+ EVP_add_cipher(EVP_aes_192_cfb1());
+ EVP_add_cipher(EVP_aes_192_cfb8());
+ EVP_add_cipher(EVP_aes_192_ofb());
+#if 0
+ EVP_add_cipher(EVP_aes_192_ctr());
+#endif
+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
+ EVP_add_cipher(EVP_aes_256_ecb());
+ EVP_add_cipher(EVP_aes_256_cbc());
+ EVP_add_cipher(EVP_aes_256_cfb());
+ EVP_add_cipher(EVP_aes_256_cfb1());
+ EVP_add_cipher(EVP_aes_256_cfb8());
+ EVP_add_cipher(EVP_aes_256_ofb());
+#if 0
+ EVP_add_cipher(EVP_aes_256_ctr());
+#endif
+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#endif
+ }
+#endif
}
diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c
--- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if (!FIPS_mode())
+ {
+#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void)
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
+#endif
+#ifdef OPENSSL_FIPS
+ }
+ else
+ {
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+ EVP_add_digest(EVP_sha1());
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef OPENSSL_NO_DSA
+ EVP_add_digest(EVP_dss1());
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+#endif
+#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+ }
#endif
}
diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c
--- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200
@@ -59,6 +59,43 @@
#include <e_os.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <openssl/fips.h>
+
+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static void init_fips_mode(void)
+ {
+ char buf[2] = "0";
+ int fd;
+
+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ {
+ buf[0] = '1';
+ }
+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
+ {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+ close(fd);
+ }
+ /* Failure reading the fips mode switch file means just not
+ * switching into FIPS mode. We would break too many things
+ * otherwise.
+ */
+
+ if (buf[0] == '1')
+ {
+ FIPS_mode_set(1);
+ }
+ }
+#endif
+
/* Perform any essential OpenSSL initialization operations.
* Currently only sets FIPS callbacks
*/
@@ -72,6 +109,7 @@ void OPENSSL_init_library(void)
#ifdef CRYPTO_MDEBUG
CRYPTO_malloc_debug_init();
#endif
+ init_fips_mode();
done = 1;
}
#endif
diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c
--- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if (!FIPS_mode())
+ {
+#endif
+
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
@@ -115,6 +121,38 @@ int SSL_library_init(void)
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
+#ifdef OPENSSL_FIPS
+ }
+ else
+ {
+#ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_256_cbc());
+#endif
+#ifndef OPENSSL_NO_MD5
+ /* needed even in the FIPS mode for TLS MAC */
+ EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA
+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+#endif
+ }
+#endif
#ifndef OPENSSL_NO_COMP
/* This will initialise the built-in compression algorithms.
The value returned is a STACK_OF(SSL_COMP), but that can

View File

@ -0,0 +1,79 @@
diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips.c
--- openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-11 18:14:36.000000000 +0200
@@ -427,22 +427,22 @@ int FIPS_mode_set(int onoff)
goto end;
}
+ /* now switch the RNG into FIPS mode */
+ fips_set_rand_check(FIPS_rand_method());
+ RAND_set_rand_method(FIPS_rand_method());
+
/* automagically seed PRNG if not already seeded */
if(!FIPS_rand_status())
{
- if(RAND_bytes(buf,sizeof buf) <= 0)
+ RAND_poll();
+ if (!FIPS_rand_status())
{
fips_selftest_fail = 1;
ret = 0;
goto end;
}
- FIPS_rand_set_key(buf,32);
- FIPS_rand_seed(buf+32,16);
}
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
if(FIPS_selftest())
fips_set_mode(1);
else
diff -up openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips_rand.c
--- openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-08-11 18:16:48.000000000 +0200
@@ -155,7 +155,18 @@ static int fips_set_prng_seed(FIPS_PRNG_
{
int i;
if (!ctx->keyed)
- return 0;
+ {
+ FIPS_RAND_SIZE_T keylen = 16;
+
+ if (seedlen - keylen < AES_BLOCK_LENGTH)
+ return 0;
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
+ keylen += 8;
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
+ keylen += 8;
+ seedlen -= keylen;
+ fips_set_prng_key(ctx, seed+seedlen, keylen);
+ }
/* In test mode seed is just supplied data */
if (ctx->test_mode)
{
@@ -276,6 +287,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
unsigned char tmp[AES_BLOCK_LENGTH];
int i;
+ FIPS_selftest_check();
if (ctx->error)
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
diff -up openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng openssl-1.0.0-beta3/crypto/rand/rand_lcl.h
--- openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng 2009-08-11 18:12:13.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/rand/rand_lcl.h 2009-08-11 18:18:13.000000000 +0200
@@ -112,8 +112,11 @@
#ifndef HEADER_RAND_LCL_H
#define HEADER_RAND_LCL_H
+#ifndef OPENSSL_FIPS
#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
-
+#else
+#define ENTROPY_NEEDED 48 /* we need 48 bytes of randomness for FIPS rng */
+#endif
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)

View File

@ -0,0 +1,506 @@
diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
--- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_apps.h 2009-08-05 21:29:58.000000000 +0200
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
--- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 22:33:44.000000000 +0200
@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
- short port=PORT;
+ char *port_str = PORT_STR;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ if (!extract_host_port(*(++argv),&host,&port_str))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -956,7 +955,7 @@ bad:
re_start:
- if (init_client(&s,host,port,socket_type) == 0)
+ if (init_client(&s,host,port_str,socket_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
--- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 21:29:58.000000000 +0200
@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
- short port=PORT;
+ char *port_str = PORT_STR;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1685,9 +1684,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port_str,socket_type,&accept_socket,www_body, context);
else
- do_server(port,socket_type,&accept_socket,sv_body, context);
+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
--- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps 2008-11-12 04:57:47.000000000 +0100
+++ openssl-1.0.0-beta3/apps/s_socket.c 2009-08-05 21:29:58.000000000 +0200
@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_server(int *sock, char *port, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
return(1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, char *port, int type)
{
- unsigned char ip[4];
-
- if (!host_ip(host,&(ip[0])))
- {
- return(0);
- }
- return(init_client_ip(sock,ip,port,type));
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
- struct sockaddr_in them;
- int s,i;
+ struct addrinfo *res, *res0, hints;
+ char * failed_call = NULL;
+ int s;
+ int e;
if (!ssl_sock_init()) return(0);
- memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_ADDRCONFIG;
+
+ e = getaddrinfo(host, port, &hints, &res);
+ if (e)
+ {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ }
+ res0 = res;
+ while (res)
+ {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET)
+ {
+ failed_call = "socket";
+ goto nextres;
+ }
#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
if (type == SOCK_STREAM)
{
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
+ int i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
+ (char *)&i,sizeof(i));
+ if (i < 0) {
+ failed_call = "keepalive";
+ goto nextres;
+ }
}
#endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
- { closesocket(s); perror("connect"); return(0); }
+ if (connect(s,(struct sockaddr *)res->ai_addr,
+ res->ai_addrlen) == 0)
+ {
+ freeaddrinfo(res0);
*sock=s;
return(1);
}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ failed_call = "socket";
+nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
+ }
+ freeaddrinfo(res0);
+
+ perror(failed_call);
+ return(0);
+ }
+
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
{
int sock;
char *name = NULL;
@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server(int *sock, char *port, int type)
{
- int ret=0;
- struct sockaddr_in server;
- int s= -1,i;
+ struct addrinfo *res, *res0, hints;
+ char * failed_call = NULL;
+ char port_name[8];
+ int s;
+ int e;
if (!ssl_sock_init()) return(0);
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
-#else
- memcpy(&server.sin_addr,ip,4);
-#endif
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+ e = getaddrinfo(NULL, port, &hints, &res);
+ if (e)
+ {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ }
- if (s == INVALID_SOCKET) goto err;
+ res0 = res;
+ while (res)
+ {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET)
+ {
+ failed_call = "socket";
+ goto nextres;
+ }
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
(void *) &j, sizeof j);
}
#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+
+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
{
-#ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
-#endif
- goto err;
+ failed_call = "bind";
+ goto nextres;
}
- /* Make it 128 for linux */
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
- i=0;
- *sock=s;
- ret=1;
-err:
- if ((ret == 0) && (s != -1))
+ if (type==SOCK_STREAM && listen(s,128) == -1)
{
- SHUTDOWN(s);
+ failed_call = "listen";
+ goto nextres;
}
- return(ret);
+
+ *sock=s;
+ return(1);
+
+nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
}
+ freeaddrinfo(res0);
-static int init_server(int *sock, int port, int type)
- {
- return(init_server_long(sock, port, NULL, type));
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+ perror(failed_call);
+ return(0);
}
static int do_accept(int acc_sock, int *sock, char **host)
{
- int ret,i;
- struct hostent *h1,*h2;
- static struct sockaddr_in from;
+ static struct sockaddr_storage from;
+ char buffer[NI_MAXHOST];
+ int ret;
int len;
/* struct linger ling; */
@@ -425,137 +443,62 @@ redoit:
if (i < 0) { perror("keepalive"); return(0); }
*/
- if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
-#else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
-#endif
- if (h1 == NULL)
+ if (host == NULL)
{
- BIO_printf(bio_err,"bad gethostbyaddr\n");
- *host=NULL;
- /* return(0); */
- }
- else
- {
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
- {
- perror("OPENSSL_malloc");
+ *sock=ret;
return(0);
}
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- h2=GetHostByName(*host);
- if (h2 == NULL)
+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
+ buffer, sizeof(buffer),
+ NULL, 0, 0))
{
- BIO_printf(bio_err,"gethostbyname failure\n");
+ BIO_printf(bio_err,"getnameinfo failed\n");
+ *host=NULL;
return(0);
}
- i=0;
- if (h2->h_addrtype != AF_INET)
+ else
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ {
+ perror("OPENSSL_malloc");
return(0);
}
- }
-end:
+ strcpy(*host, buffer);
*sock=ret;
return(1);
}
+ }
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
+int extract_host_port(char *str, char **host_ptr,
+ char **port_ptr)
{
- char *h,*p;
+ char *h,*p,*x;
- h=str;
- p=strchr(str,':');
+ x=h=str;
+ if (*h == '[')
+ {
+ h++;
+ p=strchr(h,']');
if (p == NULL)
{
- BIO_printf(bio_err,"no port defined\n");
+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
return(0);
}
*(p++)='\0';
-
- if ((ip != NULL) && !host_ip(str,ip))
- goto err;
- if (host_ptr != NULL) *host_ptr=h;
-
- if (!extract_port(p,port_ptr))
- goto err;
- return(1);
-err:
- return(0);
+ x = p;
}
-
-static int host_ip(char *str, unsigned char ip[4])
- {
- unsigned int in[4];
- int i;
-
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
- {
- for (i=0; i<4; i++)
- if (in[i] > 255)
- {
- BIO_printf(bio_err,"invalid IP address\n");
- goto err;
- }
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
- else
- { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init()) return(0);
-
- he=GetHostByName(str);
- if (he == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
+ p=strchr(x,':');
+ if (p == NULL)
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
- }
- return(1);
-err:
+ BIO_printf(bio_err,"no port defined\n");
return(0);
}
+ *(p++)='\0';
-int extract_port(char *str, short *port_ptr)
- {
- int i;
- struct servent *s;
+ if (host_ptr != NULL) *host_ptr=h;
+ if (port_ptr != NULL) *port_ptr=p;
- i=atoi(str);
- if (i != 0)
- *port_ptr=(unsigned short)i;
- else
- {
- s=getservbyname(str,"tcp");
- if (s == NULL)
- {
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
- return(0);
- }
- *port_ptr=ntohs((unsigned short)s->s_port);
- }
return(1);
}

View File

@ -0,0 +1,12 @@
diff -up openssl-1.0.0-beta3/Makefile.org.krb5 openssl-1.0.0-beta3/Makefile.org
--- openssl-1.0.0-beta3/Makefile.org.krb5 2009-04-23 18:12:09.000000000 +0200
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:01:16.000000000 +0200
@@ -299,7 +299,7 @@ build-shared: do_$(SHLIB_TARGET) link-sh
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
- if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \

View File

@ -0,0 +1,253 @@
Index: openssl/crypto/asn1/a_set.c
RCS File: /v/openssl/cvs/openssl/crypto/asn1/a_set.c,v
rcsdiff -q -kk '-r1.20' '-r1.20.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/a_set.c,v' 2>/dev/null
--- openssl/crypto/asn1/a_set.c 2009/01/01 18:30:50 1.20
+++ openssl/crypto/asn1/a_set.c 2009/07/27 21:21:25 1.20.2.1
@@ -85,7 +85,7 @@
}
/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
-int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
int is_set)
{
@@ -97,8 +97,8 @@
int totSize;
if (a == NULL) return(0);
- for (i=sk_BLOCK_num(a)-1; i>=0; i--)
- ret+=i2d(sk_BLOCK_value(a,i),NULL);
+ for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
+ ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
r=ASN1_object_size(1,ret,ex_tag);
if (pp == NULL) return(r);
@@ -109,10 +109,10 @@
/* And then again by Ben */
/* And again by Steve */
- if(!is_set || (sk_BLOCK_num(a) < 2))
+ if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
{
- for (i=0; i<sk_BLOCK_num(a); i++)
- i2d(sk_BLOCK_value(a,i),&p);
+ for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
+ i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
*pp=p;
return(r);
@@ -120,17 +120,17 @@
pStart = p; /* Catch the beg of Setblobs*/
/* In this array we will store the SET blobs */
- rgSetBlob = OPENSSL_malloc(sk_BLOCK_num(a) * sizeof(MYBLOB));
+ rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL)
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
return(0);
}
- for (i=0; i<sk_BLOCK_num(a); i++)
+ for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
{
rgSetBlob[i].pbData = p; /* catch each set encode blob */
- i2d(sk_BLOCK_value(a,i),&p);
+ i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
SetBlob
*/
@@ -140,7 +140,7 @@
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
- qsort( rgSetBlob, sk_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
+ qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize)))
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -149,7 +149,7 @@
/* Copy to temp mem */
p = pTempMem;
- for(i=0; i<sk_BLOCK_num(a); ++i)
+ for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
{
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
p += rgSetBlob[i].cbData;
@@ -163,17 +163,18 @@
return(r);
}
-STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+ const unsigned char **pp,
long length, d2i_of_void *d2i,
- void (*free_func)(BLOCK), int ex_tag,
+ void (*free_func)(OPENSSL_BLOCK), int ex_tag,
int ex_class)
{
ASN1_const_CTX c;
- STACK_OF(BLOCK) *ret=NULL;
+ STACK_OF(OPENSSL_BLOCK) *ret=NULL;
if ((a == NULL) || ((*a) == NULL))
{
- if ((ret=sk_BLOCK_new_null()) == NULL)
+ if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
{
ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
goto err;
@@ -221,7 +222,7 @@
asn1_add_error(*pp,(int)(c.p- *pp));
goto err;
}
- if (!sk_BLOCK_push(ret,s)) goto err;
+ if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
}
if (a != NULL) (*a)=ret;
*pp=c.p;
@@ -230,9 +231,9 @@
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
{
if (free_func != NULL)
- sk_BLOCK_pop_free(ret,free_func);
+ sk_OPENSSL_BLOCK_pop_free(ret,free_func);
else
- sk_BLOCK_free(ret);
+ sk_OPENSSL_BLOCK_free(ret);
}
return(NULL);
}
Index: openssl/crypto/asn1/asn1.h
RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn1.h,v
rcsdiff -q -kk '-r1.166.2.3' '-r1.166.2.4' -u '/v/openssl/cvs/openssl/crypto/asn1/asn1.h,v' 2>/dev/null
--- openssl/crypto/asn1/asn1.h 2009/07/24 11:15:55 1.166.2.3
+++ openssl/crypto/asn1/asn1.h 2009/07/27 21:21:25 1.166.2.4
@@ -887,12 +887,13 @@
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
int is_set);
-STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+ const unsigned char **pp,
long length, d2i_of_void *d2i,
- void (*free_func)(BLOCK), int ex_tag,
+ void (*free_func)(OPENSSL_BLOCK), int ex_tag,
int ex_class);
#ifndef OPENSSL_NO_BIO
@@ -1045,9 +1046,9 @@
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
unsigned char *data, int max_len);
-STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i, void (*free_func)(BLOCK));
-unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len );
void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
Index: openssl/crypto/asn1/asn_pack.c
RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v
rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v' 2>/dev/null
--- openssl/crypto/asn1/asn_pack.c 2008/11/12 03:57:49 1.19
+++ openssl/crypto/asn1/asn_pack.c 2009/07/27 21:21:25 1.19.2.1
@@ -66,10 +66,10 @@
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i, void (*free_func)(BLOCK))
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
{
- STACK_OF(BLOCK) *sk;
+ STACK_OF(OPENSSL_BLOCK) *sk;
const unsigned char *pbuf;
pbuf = buf;
if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@
* OPENSSL_malloc'ed buffer
*/
-unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len)
{
int safelen;
Index: openssl/crypto/stack/safestack.h
RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v
rcsdiff -q -kk '-r1.72.2.4' '-r1.72.2.5' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null
--- openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4
+++ openssl/crypto/stack/safestack.h 2009/07/27 21:21:25 1.72.2.5
@@ -128,8 +128,8 @@
* nul-terminated. These should also be distinguished from "normal"
* stacks. */
-typedef void *BLOCK;
-DECLARE_SPECIAL_STACK_OF(BLOCK, void)
+typedef void *OPENSSL_BLOCK;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
/* SKM_sk_... stack macros are internal to safestack.h:
* never use them directly, use sk_<type>_... instead */
@@ -2055,29 +2055,29 @@
#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-#define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_BLOCK_new_null() ((STACK_OF(BLOCK) *)sk_new_null())
-#define sk_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_value(st, i) ((BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(BLOCK), st), i))
-#define sk_BLOCK_num(st) SKM_sk_num(BLOCK, st)
-#define sk_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_FREE_FUNC2(BLOCK, free_func))
-#define sk_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val), i)
-#define sk_BLOCK_free(st) SKM_sk_free(BLOCK, st)
-#define sk_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), i, CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_zero(st) SKM_sk_zero(BLOCK, (st))
-#define sk_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_BLOCK_delete(st, i) SKM_sk_delete(BLOCK, (st), (i))
-#define sk_BLOCK_delete_ptr(st, ptr) (BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, ptr))
-#define sk_BLOCK_set_cmp_func(st, cmp) \
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \
((int (*)(const void * const *,const void * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_BLOCK_dup(st) SKM_sk_dup(BLOCK, st)
-#define sk_BLOCK_shift(st) SKM_sk_shift(BLOCK, (st))
-#define sk_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st))
-#define sk_BLOCK_sort(st) SKM_sk_sort(BLOCK, (st))
-#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st))
+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,59 @@
diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.redhat 2009-07-08 10:50:52.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-04 22:46:59.000000000 +0200
@@ -331,32 +331,32 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):\$(SHLIB_SONAMEVER)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -370,8 +370,8 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

View File

@ -0,0 +1,44 @@
diff -up openssl-1.0.0-beta3/Configure.soversion openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.soversion 2009-08-04 23:06:52.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-04 23:06:52.000000000 +0200
@@ -1514,7 +1514,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
diff -up openssl-1.0.0-beta3/Makefile.org.soversion openssl-1.0.0-beta3/Makefile.org
--- openssl-1.0.0-beta3/Makefile.org.soversion 2009-08-04 23:06:52.000000000 +0200
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:11:01.000000000 +0200
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
+SHLIB_SONAMEVER=10
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
@@ -289,10 +290,9 @@ clean-shared:
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
@@ -303,7 +303,7 @@ do_$(SHLIB_TARGET):
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \

View File

@ -1 +1 @@
573353d8cb4330b71e9985cea4785d61 openssl-0.9.8j-usa.tar.bz2 9926dcf78e797a12d8e3ffd7a018824b openssl-1.0.0-beta3-usa.tar.bz2