- Update to version 1.0.0 beta 3
- Use %global instead of %define - Automatically generate debuginfo subpackage - Merged various changes from the native Fedora package (up to 1.0.0-0.5.beta3) - Don't use the %{_mingw32_make} macro anymore as it's ugly and causes side-effects NOTE: Right now, this package doesn't provide versioned DLL's as the upstream defaults are used and I couldn't find the right spot in the build scripts to realize this (openssl's build system is really messy..).
This commit is contained in:
parent
278c82103b
commit
1deb3708fc
@ -1 +1 @@
|
||||
openssl-0.9.8j-usa.tar.bz2
|
||||
openssl-1.0.0-beta3-usa.tar.bz2
|
||||
|
@ -4,33 +4,32 @@
|
||||
set -e
|
||||
|
||||
# Clean out patent-or-otherwise-encumbered code.
|
||||
# MDC-2: 4,908,861 13/03/2007
|
||||
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
|
||||
# IDEA: 5,214,703 25/05/2010
|
||||
# RC5: 5,724,428 03/03/2015
|
||||
# EC: ????????? ??/??/2015
|
||||
|
||||
# Remove assembler portions of IDEA, MDC2, and RC5.
|
||||
(find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv)
|
||||
(find crypto/{idea,rc5}/asm -type f | xargs -r rm -fv)
|
||||
|
||||
# IDEA, MDC2, RC5, EC.
|
||||
for a in idea mdc2 rc5 ec ecdh ecdsa; do
|
||||
for a in idea rc5 ec ecdh ecdsa; do
|
||||
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
|
||||
echo Destroying $c
|
||||
> $c
|
||||
done
|
||||
done
|
||||
|
||||
for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do
|
||||
for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_ecdsa.c"`; do
|
||||
echo Destroying $c
|
||||
> $c
|
||||
done
|
||||
|
||||
for h in `find crypto ssl apps test -name "*.h"` ; do
|
||||
echo Removing IDEA, MDC2, RC5, and EC references from $h
|
||||
echo Removing IDEA, RC5, and EC references from $h
|
||||
cat $h | \
|
||||
awk 'BEGIN {ech=1;} \
|
||||
/^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
|
||||
/^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
|
||||
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
|
||||
/^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
|
||||
/^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
|
||||
|
44
mingw32-openssl-1.0.0-beta3-linker-fix.patch
Normal file
44
mingw32-openssl-1.0.0-beta3-linker-fix.patch
Normal file
@ -0,0 +1,44 @@
|
||||
--- util/libeay.num.orig 2009-08-29 15:41:45.207820734 +0200
|
||||
+++ util/libeay.num 2009-08-29 15:48:03.746817062 +0200
|
||||
@@ -1084,7 +1084,6 @@
|
||||
PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
|
||||
RAND_SSLeay 1113 EXIST::FUNCTION:
|
||||
RAND_set_rand_method 1114 EXIST::FUNCTION:
|
||||
-RSA_memory_lock 1115 EXIST::FUNCTION:RSA
|
||||
bn_sub_words 1116 EXIST::FUNCTION:
|
||||
bn_mul_normal 1117 NOEXIST::FUNCTION:
|
||||
bn_mul_comba8 1118 NOEXIST::FUNCTION:
|
||||
@@ -2844,17 +2843,8 @@
|
||||
X509_check_ca 3286 EXIST::FUNCTION:
|
||||
private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION:
|
||||
HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION:
|
||||
-private_SHA_Init 3289 NOEXIST::FUNCTION:
|
||||
-private_CAST_set_key 3290 NOEXIST::FUNCTION:
|
||||
-private_RIPEMD160_Init 3291 NOEXIST::FUNCTION:
|
||||
private_RC5_32_set_key 3292 NOEXIST::FUNCTION:
|
||||
-private_MD5_Init 3293 NOEXIST::FUNCTION:
|
||||
-private_RC4_set_key 3294 NOEXIST::FUNCTION:
|
||||
private_MDC2_Init 3295 NOEXIST::FUNCTION:
|
||||
-private_RC2_set_key 3296 NOEXIST::FUNCTION:
|
||||
-private_MD4_Init 3297 NOEXIST::FUNCTION:
|
||||
-private_BF_set_key 3298 NOEXIST::FUNCTION:
|
||||
-private_MD2_Init 3299 NOEXIST::FUNCTION:
|
||||
d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION:
|
||||
PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
|
||||
PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
|
||||
@@ -3318,7 +3308,6 @@
|
||||
EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION:
|
||||
STORE_set_ex_data 3722 NOEXIST::FUNCTION:
|
||||
ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE
|
||||
-EVP_ecdsa 3724 EXIST::FUNCTION:SHA
|
||||
BN_BLINDING_get_flags 3725 EXIST::FUNCTION:
|
||||
PKCS12_add_cert 3726 EXIST::FUNCTION:
|
||||
STORE_OBJECT_new 3727 NOEXIST::FUNCTION:
|
||||
@@ -3702,7 +3691,6 @@
|
||||
FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION:
|
||||
CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION:
|
||||
OPENSSL_init 4091 NOEXIST::FUNCTION:
|
||||
-private_Camellia_set_key 4092 NOEXIST::FUNCTION:
|
||||
CRYPTO_strdup 4093 EXIST::FUNCTION:
|
||||
JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE
|
||||
JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE
|
11
mingw32-openssl-1.0.0-beta3-shared.patch
Normal file
11
mingw32-openssl-1.0.0-beta3-shared.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- openssl-1.0.0-beta3/Makefile.shared.orig 2009-08-29 17:02:27.496816550 +0200
|
||||
+++ openssl-1.0.0-beta3/Makefile.shared 2009-08-29 17:04:54.897820373 +0200
|
||||
@@ -250,7 +250,7 @@
|
||||
base=-Wl,--enable-auto-image-base; \
|
||||
deffile=; \
|
||||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
||||
- SHLIB=$(LIBNAME)eay32; base=; \
|
||||
+ SHLIB=lib$(LIBNAME); base=; \
|
||||
if test -f $(LIBNAME)eay32.def; then \
|
||||
deffile=$(LIBNAME)eay32.def; \
|
||||
fi; \
|
@ -1,8 +1,9 @@
|
||||
%define __strip %{_mingw32_strip}
|
||||
%define __objdump %{_mingw32_objdump}
|
||||
%define _use_internal_dependency_generator 0
|
||||
%define __find_requires %{_mingw32_findrequires}
|
||||
%define __find_provides %{_mingw32_findprovides}
|
||||
%global __strip %{_mingw32_strip}
|
||||
%global __objdump %{_mingw32_objdump}
|
||||
%global _use_internal_dependency_generator 0
|
||||
%global __find_requires %{_mingw32_findrequires}
|
||||
%global __find_provides %{_mingw32_findprovides}
|
||||
%define __debug_install_post %{_mingw32_debug_install_post}
|
||||
|
||||
# For the curious:
|
||||
# 0.9.5a soversion = 0
|
||||
@ -13,21 +14,24 @@
|
||||
# 0.9.7ef soversion = 5
|
||||
# 0.9.8ab soversion = 6
|
||||
# 0.9.8g soversion = 7
|
||||
# 0.9.8j + EAP-FAST soversion = 8
|
||||
%define soversion 8
|
||||
# 0.9.8jk + EAP-FAST soversion = 8
|
||||
# 1.0.0 soversion = 10
|
||||
%global soversion 10
|
||||
|
||||
%global beta beta3
|
||||
|
||||
# Enable the tests.
|
||||
# These only work some of the time, but fail randomly at other times
|
||||
# (although I have had them complete a few times, so I don't think
|
||||
# there is any actual problem with the binaries).
|
||||
%define run_tests 0
|
||||
%global run_tests 0
|
||||
|
||||
# Number of threads to spawn when testing some threading fixes.
|
||||
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
||||
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
||||
|
||||
Name: mingw32-openssl
|
||||
Version: 0.9.8j
|
||||
Release: 7%{?dist}
|
||||
Version: 1.0.0
|
||||
Release: 0.1.%{beta}%{?dist}
|
||||
Summary: MinGW port of the OpenSSL toolkit
|
||||
|
||||
License: OpenSSL
|
||||
@ -35,7 +39,7 @@ Group: Development/Libraries
|
||||
URL: http://www.openssl.org/
|
||||
|
||||
# Use the hobble-openssl script to create the source file.
|
||||
Source0: openssl-%{version}-usa.tar.bz2
|
||||
Source0: openssl-%{version}-%{beta}-usa.tar.bz2
|
||||
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
@ -46,38 +50,38 @@ Source10: opensslconf-new-warning.h
|
||||
|
||||
# Patches from Fedora native package.
|
||||
# Build changes
|
||||
Patch0: openssl-0.9.8j-redhat.patch
|
||||
Patch1: openssl-0.9.8a-defaults.patch
|
||||
Patch2: openssl-0.9.8a-link-krb5.patch
|
||||
Patch3: openssl-0.9.8j-soversion.patch
|
||||
Patch4: openssl-0.9.8j-enginesdir.patch
|
||||
Patch0: openssl-1.0.0-beta3-redhat.patch
|
||||
Patch1: openssl-1.0.0-beta3-defaults.patch
|
||||
Patch2: openssl-1.0.0-beta3-krb5.patch
|
||||
Patch3: openssl-1.0.0-beta3-soversion.patch
|
||||
Patch4: openssl-1.0.0-beta3-enginesdir.patch
|
||||
Patch5: openssl-0.9.8a-no-rpath.patch
|
||||
Patch6: openssl-0.9.8b-test-use-localhost.patch
|
||||
Patch7: openssl-0.9.8j-shlib-version.patch
|
||||
# Bug fixes
|
||||
Patch21: openssl-0.9.8b-aliasing-bug.patch
|
||||
Patch22: openssl-0.9.8b-x509-name-cmp.patch
|
||||
Patch23: openssl-0.9.8g-default-paths.patch
|
||||
Patch24: openssl-0.9.8g-no-extssl.patch
|
||||
Patch23: openssl-1.0.0-beta3-default-paths.patch
|
||||
# Functionality changes
|
||||
Patch32: openssl-0.9.8g-ia64.patch
|
||||
Patch33: openssl-0.9.8j-ca-dir.patch
|
||||
Patch34: openssl-0.9.6-x509.patch
|
||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
|
||||
Patch38: openssl-1.0.0-beta3-cipher-change.patch
|
||||
# Disabled this because it uses getaddrinfo which is lacking on Windows.
|
||||
#Patch39: openssl-0.9.8g-ipv6-apps.patch
|
||||
Patch40: openssl-0.9.8j-nocanister.patch
|
||||
Patch41: openssl-0.9.8j-use-fipscheck.patch
|
||||
Patch42: openssl-0.9.8j-fipscheck-hmac.patch
|
||||
Patch43: openssl-0.9.8j-evp-nonfips.patch
|
||||
Patch44: openssl-0.9.8j-kernel-fipsmode.patch
|
||||
#Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.0-beta3-fips.patch
|
||||
Patch41: openssl-1.0.0-beta3-fipscheck.patch
|
||||
Patch43: openssl-1.0.0-beta3-fipsmode.patch
|
||||
Patch44: openssl-1.0.0-beta3-fipsrng.patch
|
||||
Patch45: openssl-0.9.8j-env-nozlib.patch
|
||||
Patch46: openssl-0.9.8j-eap-fast.patch
|
||||
Patch47: openssl-0.9.8j-readme-warning.patch
|
||||
Patch48: openssl-0.9.8j-bad-mime.patch
|
||||
Patch49: openssl-0.9.8j-fips-no-pairwise.patch
|
||||
Patch49: openssl-0.9.8k-algo-doc.patch
|
||||
Patch50: openssl-1.0.0-beta3-curl.patch
|
||||
Patch51: openssl-1.0.0-beta3-const.patch
|
||||
|
||||
# Backported fixes including security fixes
|
||||
Patch60: openssl-1.0.0-beta3-namingstr.patch
|
||||
Patch61: openssl-1.0.0-beta3-namingblk.patch
|
||||
|
||||
# MinGW-specific patches.
|
||||
Patch100: mingw32-openssl-0.9.8j-header-files.patch
|
||||
@ -85,12 +89,13 @@ Patch101: mingw32-openssl-0.9.8j-configure.patch
|
||||
Patch102: mingw32-openssl-0.9.8j-shared.patch
|
||||
Patch103: mingw32-openssl-0.9.8g-global.patch
|
||||
Patch104: mingw32-openssl-0.9.8g-sfx.patch
|
||||
Patch105: mingw32-openssl-1.0.0-beta3-linker-fix.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: mingw32-filesystem >= 49
|
||||
BuildRequires: mingw32-filesystem >= 52
|
||||
BuildRequires: mingw32-gcc
|
||||
BuildRequires: mingw32-binutils
|
||||
|
||||
@ -139,8 +144,11 @@ Requires: %{name} = %{version}-%{release}
|
||||
Static version of the MinGW port of the OpenSSL toolkit.
|
||||
|
||||
|
||||
%{_mingw32_debug_package}
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q -n openssl-%{version}
|
||||
%setup -q -n openssl-%{version}-%{beta}
|
||||
|
||||
%{SOURCE1} > /dev/null
|
||||
%patch0 -p1 -b .redhat
|
||||
@ -151,12 +159,9 @@ Static version of the MinGW port of the OpenSSL toolkit.
|
||||
%patch4 -p1 -b .enginesdir
|
||||
%patch5 -p1 -b .no-rpath
|
||||
%patch6 -p1 -b .use-localhost
|
||||
%patch7 -p1 -b .shlib-version
|
||||
|
||||
%patch21 -p1 -b .aliasing-bug
|
||||
%patch22 -p1 -b .name-cmp
|
||||
%patch23 -p1 -b .default-paths
|
||||
%patch24 -p1 -b .no-extssl
|
||||
|
||||
%patch32 -p1 -b .ia64
|
||||
#patch33 is applied after make test
|
||||
@ -164,22 +169,25 @@ Static version of the MinGW port of the OpenSSL toolkit.
|
||||
%patch35 -p1 -b .version-add-engines
|
||||
%patch38 -p1 -b .cipher-change
|
||||
#%patch39 -p1 -b .ipv6-apps
|
||||
%patch40 -p1 -b .nocanister
|
||||
%patch41 -p1 -b .use-fipscheck
|
||||
%patch42 -p1 -b .fipscheck-hmac
|
||||
%patch43 -p1 -b .evp-nonfips
|
||||
%patch44 -p1 -b .fipsmode
|
||||
%patch40 -p1 -b .fips
|
||||
%patch41 -p1 -b .fipscheck
|
||||
%patch43 -p1 -b .fipsmode
|
||||
%patch44 -p1 -b .fipsrng
|
||||
%patch45 -p1 -b .env-nozlib
|
||||
%patch46 -p1 -b .eap-fast
|
||||
%patch47 -p1 -b .warning
|
||||
%patch48 -p1 -b .bad-mime
|
||||
%patch49 -p1 -b .no-pairwise
|
||||
%patch49 -p1 -b .algo-doc
|
||||
%patch50 -p1 -b .curl
|
||||
%patch51 -p1 -b .const
|
||||
%patch60 -p1 -b .namingstr
|
||||
%patch61 -p1 -b .namingblk
|
||||
|
||||
%patch100 -p1 -b .mingw-header-files
|
||||
%patch101 -p1 -b .mingw-configure
|
||||
%patch102 -p1 -b .mingw-shared
|
||||
%patch103 -p1 -b .mingw-global
|
||||
%patch104 -p1 -b .mingw-sfx
|
||||
#%patch100 -p1 -b .mingw-header-files
|
||||
#%patch101 -p1 -b .mingw-configure
|
||||
#%patch102 -p1 -b .mingw-shared
|
||||
#%patch103 -p1 -b .mingw-global
|
||||
#%patch104 -p1 -b .mingw-sfx
|
||||
%patch105 -p0 -b .mingw-linker-fix
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
@ -191,22 +199,22 @@ make TABLE PERL=%{__perl}
|
||||
%build
|
||||
# NB: 'no-hw' is vital. MinGW cannot build the hardware drivers
|
||||
# and if you don't have this you'll get an obscure link error.
|
||||
%{_mingw32_env}; \
|
||||
sed -i -e "s/MINGW32_CC/%{_mingw32_cc}/" -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" -e "s/MINGW32_RANLIB/%{_mingw32_ranlib}/" Configure; \
|
||||
sed -i -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" Configure; \
|
||||
./Configure \
|
||||
--prefix=%{_mingw32_prefix} \
|
||||
--openssldir=%{_mingw32_sysconfdir}/pki/tls \
|
||||
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
||||
no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa no-hw shared \
|
||||
enable-cms enable-md2 no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa \
|
||||
no-hw shared --cross-compile-prefix=%{_mingw32_target}- \
|
||||
--enginesdir=%{_mingw32_libdir}/openssl/engines \
|
||||
mingw
|
||||
# --with-krb5-flavor=MIT
|
||||
# -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib}
|
||||
%{_mingw32_make} depend
|
||||
%{_mingw32_make} all build-shared
|
||||
make depend
|
||||
make all build-shared
|
||||
|
||||
# Generate hashes for the included certs.
|
||||
%{_mingw32_make} rehash build-shared
|
||||
make rehash build-shared
|
||||
|
||||
%if %{run_tests}
|
||||
#----------------------------------------------------------------------
|
||||
@ -240,7 +248,7 @@ sleep 3
|
||||
DISPLAY=$display
|
||||
export DISPLAY
|
||||
|
||||
%{_mingw32_make} LDCMD=%{_mingw32_cc} -C test apps tests
|
||||
make LDCMD=%{_mingw32_cc} -C test apps tests
|
||||
|
||||
# Disable this thread test, because we don't have pthread on Windows.
|
||||
%{_mingw32_cc} -o openssl-thread-test \
|
||||
@ -289,10 +297,6 @@ make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
|
||||
# Install the file applink.c (#499934)
|
||||
install -m644 ms/applink.c $RPM_BUILD_ROOT%{_mingw32_includedir}/openssl/applink.c
|
||||
|
||||
# Install the actual DLLs.
|
||||
install libcrypto-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
|
||||
install libssl-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
|
||||
|
||||
# I have no idea why it installs the manpages in /etc, but
|
||||
# we remove them anyway.
|
||||
rm -r $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/man
|
||||
@ -324,8 +328,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%doc LICENSE
|
||||
%{_mingw32_bindir}/openssl.exe
|
||||
%{_mingw32_bindir}/c_rehash
|
||||
%{_mingw32_bindir}/libcrypto-%{soversion}.dll
|
||||
%{_mingw32_bindir}/libssl-%{soversion}.dll
|
||||
%{_mingw32_bindir}/libeay32.dll
|
||||
%{_mingw32_bindir}/ssleay32.dll
|
||||
#{_mingw32_bindir}/.libcrypto*.hmac
|
||||
%{_mingw32_libdir}/libcrypto.dll.a
|
||||
%{_mingw32_libdir}/libssl.dll.a
|
||||
@ -342,6 +346,13 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Aug 28 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0-0.1.beta3
|
||||
- Update to version 1.0.0 beta 3
|
||||
- Use %%global instead of %%define
|
||||
- Automatically generate debuginfo subpackage
|
||||
- Merged various changes from the native Fedora package (up to 1.0.0-0.5.beta3)
|
||||
- Don't use the %%{_mingw32_make} macro anymore as it's ugly and causes side-effects
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
|
113
openssl-0.9.8k-algo-doc.patch
Normal file
113
openssl-0.9.8k-algo-doc.patch
Normal file
@ -0,0 +1,113 @@
|
||||
diff -up openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod
|
||||
--- openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc 2004-05-20 23:39:50.000000000 +0200
|
||||
+++ openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod 2009-06-30 12:04:47.000000000 +0200
|
||||
@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_
|
||||
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
|
||||
EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
|
||||
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
|
||||
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224,
|
||||
+EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
|
||||
EVP digest routines
|
||||
|
||||
@@ -51,6 +52,10 @@ EVP digest routines
|
||||
const EVP_MD *EVP_md5(void);
|
||||
const EVP_MD *EVP_sha(void);
|
||||
const EVP_MD *EVP_sha1(void);
|
||||
+ const EVP_MD *EVP_sha224(void);
|
||||
+ const EVP_MD *EVP_sha256(void);
|
||||
+ const EVP_MD *EVP_sha384(void);
|
||||
+ const EVP_MD *EVP_sha512(void);
|
||||
const EVP_MD *EVP_dss(void);
|
||||
const EVP_MD *EVP_dss1(void);
|
||||
const EVP_MD *EVP_mdc2(void);
|
||||
@@ -70,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
|
||||
|
||||
EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
|
||||
B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
|
||||
-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
|
||||
+function. B<type> will typically be supplied by a function such as EVP_sha1().
|
||||
If B<impl> is NULL then the default implementation of digest B<type> is used.
|
||||
|
||||
EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
|
||||
@@ -127,9 +132,11 @@ with this digest. For example EVP_sha1()
|
||||
return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
|
||||
algorithms may not be retained in future versions of OpenSSL.
|
||||
|
||||
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
|
||||
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
|
||||
-algorithms respectively. The associated signature algorithm is RSA in each case.
|
||||
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
|
||||
+EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160()
|
||||
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384,
|
||||
+SHA512, MDC2 and RIPEMD160 digest algorithms respectively. The associated
|
||||
+signature algorithm is RSA in each case.
|
||||
|
||||
EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
|
||||
algorithms but using DSS (DSA) for the signature algorithm.
|
||||
@@ -156,7 +163,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
|
||||
EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
|
||||
size in bytes.
|
||||
|
||||
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
|
||||
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
|
||||
+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
|
||||
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
|
||||
corresponding EVP_MD structures.
|
||||
|
||||
diff -up openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod
|
||||
--- openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200
|
||||
+++ openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod 2009-06-30 12:04:47.000000000 +0200
|
||||
@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
|
||||
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
|
||||
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
|
||||
|
||||
+ const EVP_CIPHER *EVP_des_ede3(void);
|
||||
+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
|
||||
+ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
|
||||
+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
|
||||
+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
|
||||
+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
|
||||
+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
|
||||
+ const EVP_CIPHER *EVP_aes_128_ecb(void);
|
||||
+ const EVP_CIPHER *EVP_aes_128_cbc(void);
|
||||
+ const EVP_CIPHER *EVP_aes_128_cfb1(void);
|
||||
+ const EVP_CIPHER *EVP_aes_128_cfb8(void);
|
||||
+ const EVP_CIPHER *EVP_aes_128_cfb128(void);
|
||||
+ const EVP_CIPHER *EVP_aes_128_ofb(void);
|
||||
+ const EVP_CIPHER *EVP_aes_192_ecb(void);
|
||||
+ const EVP_CIPHER *EVP_aes_192_cbc(void);
|
||||
+ const EVP_CIPHER *EVP_aes_192_cfb1(void);
|
||||
+ const EVP_CIPHER *EVP_aes_192_cfb8(void);
|
||||
+ const EVP_CIPHER *EVP_aes_192_cfb128(void);
|
||||
+ const EVP_CIPHER *EVP_aes_192_ofb(void);
|
||||
+ const EVP_CIPHER *EVP_aes_256_ecb(void);
|
||||
+ const EVP_CIPHER *EVP_aes_256_cbc(void);
|
||||
+ const EVP_CIPHER *EVP_aes_256_cfb1(void);
|
||||
+ const EVP_CIPHER *EVP_aes_256_cfb8(void);
|
||||
+ const EVP_CIPHER *EVP_aes_256_cfb128(void);
|
||||
+ const EVP_CIPHER *EVP_aes_256_ofb(void);
|
||||
+
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The EVP cipher routines are a high level interface to certain
|
||||
@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
|
||||
|
||||
DESX algorithm in CBC mode.
|
||||
|
||||
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
|
||||
+
|
||||
+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
|
||||
+
|
||||
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
|
||||
+
|
||||
+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
|
||||
+
|
||||
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
|
||||
+
|
||||
+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
|
||||
+
|
||||
=item EVP_rc4(void)
|
||||
|
||||
RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
|
21
openssl-1.0.0-beta3-cipher-change.patch
Normal file
21
openssl-1.0.0-beta3-cipher-change.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h
|
||||
--- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change 2009-08-05 18:22:45.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-05 18:27:32.000000000 +0200
|
||||
@@ -511,7 +511,7 @@ typedef struct ssl_session_st
|
||||
|
||||
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
|
||||
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
|
||||
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
||||
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
|
||||
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
||||
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
||||
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
|
||||
@@ -528,7 +528,7 @@ typedef struct ssl_session_st
|
||||
|
||||
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
||||
* This used to be 0x000FFFFFL before 0.9.7. */
|
||||
-#define SSL_OP_ALL 0x80000FFFL
|
||||
+#define SSL_OP_ALL 0x80000FF7L
|
||||
|
||||
/* DTLS options */
|
||||
#define SSL_OP_NO_QUERY_MTU 0x00001000L
|
36
openssl-1.0.0-beta3-const.patch
Normal file
36
openssl-1.0.0-beta3-const.patch
Normal file
@ -0,0 +1,36 @@
|
||||
diff -up openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod
|
||||
--- openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const 2009-02-14 22:49:37.000000000 +0100
|
||||
+++ openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod 2009-08-22 16:15:32.000000000 +0200
|
||||
@@ -11,7 +11,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits
|
||||
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
|
||||
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
|
||||
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
|
||||
- char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
|
||||
+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.const openssl-1.0.0-beta3/ssl/ssl_ciph.c
|
||||
--- openssl-1.0.0-beta3/ssl/ssl_ciph.c.const 2009-08-22 15:56:12.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-08-22 15:56:12.000000000 +0200
|
||||
@@ -1458,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
return(cipherstack);
|
||||
}
|
||||
|
||||
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
|
||||
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
{
|
||||
int is_export,pkl,kl;
|
||||
const char *ver,*exp_str;
|
||||
diff -up openssl-1.0.0-beta3/ssl/ssl.h.const openssl-1.0.0-beta3/ssl/ssl.h
|
||||
--- openssl-1.0.0-beta3/ssl/ssl.h.const 2009-08-22 15:56:11.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-22 15:56:12.000000000 +0200
|
||||
@@ -1638,7 +1638,7 @@ long SSL_get_default_timeout(const SSL *
|
||||
|
||||
int SSL_library_init(void );
|
||||
|
||||
-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
|
||||
+char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
|
||||
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
|
||||
|
||||
SSL *SSL_dup(SSL *ssl);
|
27
openssl-1.0.0-beta3-curl.patch
Normal file
27
openssl-1.0.0-beta3-curl.patch
Normal file
@ -0,0 +1,27 @@
|
||||
diff -up openssl-1.0.0-beta3/apps/tsget.curl openssl-1.0.0-beta3/apps/tsget
|
||||
--- openssl-1.0.0-beta3/apps/tsget.curl 2006-02-13 00:11:21.000000000 +0100
|
||||
+++ openssl-1.0.0-beta3/apps/tsget 2009-08-21 15:37:24.000000000 +0200
|
||||
@@ -7,7 +7,7 @@ use strict;
|
||||
use IO::Handle;
|
||||
use Getopt::Std;
|
||||
use File::Basename;
|
||||
-use WWW::Curl::easy;
|
||||
+use WWW::Curl::Easy;
|
||||
|
||||
use vars qw(%options);
|
||||
|
||||
@@ -37,7 +37,7 @@ sub create_curl {
|
||||
my $url = shift;
|
||||
|
||||
# Create Curl object.
|
||||
- my $curl = WWW::Curl::easy::new();
|
||||
+ my $curl = WWW::Curl::Easy::new();
|
||||
|
||||
# Error-handling related options.
|
||||
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
|
||||
@@ -192,4 +192,4 @@ REQUEST: foreach (@ARGV) {
|
||||
STDERR->printflush(", $output written.\n") if $options{v};
|
||||
}
|
||||
$curl->cleanup();
|
||||
-WWW::Curl::easy::global_cleanup();
|
||||
+WWW::Curl::Easy::global_cleanup();
|
77
openssl-1.0.0-beta3-default-paths.patch
Normal file
77
openssl-1.0.0-beta3-default-paths.patch
Normal file
@ -0,0 +1,77 @@
|
||||
diff -up openssl-1.0.0-beta3/apps/s_client.c.default-paths openssl-1.0.0-beta3/apps/s_client.c
|
||||
--- openssl-1.0.0-beta3/apps/s_client.c.default-paths 2009-06-30 18:10:24.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 18:17:52.000000000 +0200
|
||||
@@ -888,12 +888,13 @@ bad:
|
||||
if (!set_cert_key_stuff(ctx,cert,key))
|
||||
goto end;
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(ctx)))
|
||||
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(ctx))
|
||||
{
|
||||
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
|
||||
ERR_print_errors(bio_err);
|
||||
- /* goto end; */
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
diff -up openssl-1.0.0-beta3/apps/s_server.c.default-paths openssl-1.0.0-beta3/apps/s_server.c
|
||||
--- openssl-1.0.0-beta3/apps/s_server.c.default-paths 2009-06-30 18:10:24.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 18:18:40.000000000 +0200
|
||||
@@ -1403,12 +1403,13 @@ bad:
|
||||
}
|
||||
#endif
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(ctx)))
|
||||
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(ctx))
|
||||
{
|
||||
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
|
||||
ERR_print_errors(bio_err);
|
||||
- /* goto end; */
|
||||
}
|
||||
if (vpm)
|
||||
SSL_CTX_set1_param(ctx, vpm);
|
||||
@@ -1457,8 +1458,11 @@ bad:
|
||||
|
||||
SSL_CTX_sess_set_cache_size(ctx2,128);
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
|
||||
+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(ctx2))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
diff -up openssl-1.0.0-beta3/apps/s_time.c.default-paths openssl-1.0.0-beta3/apps/s_time.c
|
||||
--- openssl-1.0.0-beta3/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/s_time.c 2009-08-05 18:00:35.000000000 +0200
|
||||
@@ -373,12 +373,13 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
SSL_load_error_strings();
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
|
||||
+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
|
||||
{
|
||||
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
|
||||
ERR_print_errors(bio_err);
|
||||
- /* goto end; */
|
||||
}
|
||||
|
||||
if (tm_cipher == NULL)
|
44
openssl-1.0.0-beta3-defaults.patch
Normal file
44
openssl-1.0.0-beta3-defaults.patch
Normal file
@ -0,0 +1,44 @@
|
||||
diff -up openssl-1.0.0-beta3/apps/openssl.cnf.defaults openssl-1.0.0-beta3/apps/openssl.cnf
|
||||
--- openssl-1.0.0-beta3/apps/openssl.cnf.defaults 2009-04-04 20:09:43.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/openssl.cnf 2009-08-04 22:57:16.000000000 +0200
|
||||
@@ -103,7 +103,8 @@ emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
-default_bits = 1024
|
||||
+default_bits = 2048
|
||||
+default_md = sha1
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
@@ -126,17 +127,18 @@ string_mask = utf8only
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
-countryName_default = AU
|
||||
+countryName_default = XX
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
-stateOrProvinceName_default = Some-State
|
||||
+#stateOrProvinceName_default = Default Province
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
+localityName_default = Default City
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
-0.organizationName_default = Internet Widgits Pty Ltd
|
||||
+0.organizationName_default = Default Company Ltd
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
-commonName = Common Name (eg, YOUR name)
|
||||
+commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
52
openssl-1.0.0-beta3-enginesdir.patch
Normal file
52
openssl-1.0.0-beta3-enginesdir.patch
Normal file
@ -0,0 +1,52 @@
|
||||
diff -up openssl-1.0.0-beta3/Configure.enginesdir openssl-1.0.0-beta3/Configure
|
||||
--- openssl-1.0.0-beta3/Configure.enginesdir 2009-08-10 19:46:32.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/Configure 2009-08-10 19:46:32.000000000 +0200
|
||||
@@ -616,6 +616,7 @@ my $idx_multilib = $idx++;
|
||||
|
||||
my $prefix="";
|
||||
my $openssldir="";
|
||||
+my $enginesdir="";
|
||||
my $exe_ext="";
|
||||
my $install_prefix="";
|
||||
my $cross_compile_prefix="";
|
||||
@@ -820,6 +821,10 @@ PROCESS_ARGS:
|
||||
{
|
||||
$openssldir=$1;
|
||||
}
|
||||
+ elsif (/^--enginesdir=(.*)$/)
|
||||
+ {
|
||||
+ $enginesdir=$1;
|
||||
+ }
|
||||
elsif (/^--install.prefix=(.*)$/)
|
||||
{
|
||||
$install_prefix=$1;
|
||||
@@ -1037,7 +1042,7 @@ chop $prefix if $prefix =~ /.\/$/;
|
||||
|
||||
$openssldir=$prefix . "/ssl" if $openssldir eq "";
|
||||
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
|
||||
-
|
||||
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
|
||||
|
||||
print "IsMK1MF=$IsMK1MF\n";
|
||||
|
||||
@@ -1645,7 +1650,7 @@ while (<IN>)
|
||||
# $foo is to become "$prefix/lib$multilib/engines";
|
||||
# as Makefile.org and engines/Makefile are adapted for
|
||||
# $multilib suffix.
|
||||
- my $foo = "$prefix/lib/engines";
|
||||
+ my $foo = "$enginesdir";
|
||||
$foo =~ s/\\/\\\\/g;
|
||||
print OUT "#define ENGINESDIR \"$foo\"\n";
|
||||
}
|
||||
diff -up openssl-1.0.0-beta3/engines/Makefile.enginesdir openssl-1.0.0-beta3/engines/Makefile
|
||||
--- openssl-1.0.0-beta3/engines/Makefile.enginesdir 2009-06-14 04:37:22.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/engines/Makefile 2009-08-10 19:46:48.000000000 +0200
|
||||
@@ -123,7 +123,7 @@ install:
|
||||
sfx=".so"; \
|
||||
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
|
||||
fi; \
|
||||
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
|
||||
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx ); \
|
||||
done; \
|
||||
fi
|
12025
openssl-1.0.0-beta3-fips.patch
Normal file
12025
openssl-1.0.0-beta3-fips.patch
Normal file
File diff suppressed because it is too large
Load Diff
400
openssl-1.0.0-beta3-fipscheck.patch
Normal file
400
openssl-1.0.0-beta3-fipscheck.patch
Normal file
@ -0,0 +1,400 @@
|
||||
diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips.c
|
||||
--- openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-10 20:11:59.000000000 +0200
|
||||
@@ -47,6 +47,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
+#define _GNU_SOURCE
|
||||
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/fips_rand.h>
|
||||
@@ -56,6 +57,9 @@
|
||||
#include <openssl/rsa.h>
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
+#include <dlfcn.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
#include "fips_locl.h"
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
@@ -165,6 +169,204 @@ int FIPS_selftest()
|
||||
&& FIPS_selftest_dsa();
|
||||
}
|
||||
|
||||
+/* we implement what libfipscheck does ourselves */
|
||||
+
|
||||
+static int
|
||||
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
|
||||
+{
|
||||
+ Dl_info info;
|
||||
+ void *dl, *sym;
|
||||
+ int rv = -1;
|
||||
+
|
||||
+ dl = dlopen(libname, RTLD_LAZY);
|
||||
+ if (dl == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ sym = dlsym(dl, symbolname);
|
||||
+
|
||||
+ if (sym != NULL && dladdr(sym, &info)) {
|
||||
+ strncpy(path, info.dli_fname, pathlen-1);
|
||||
+ path[pathlen-1] = '\0';
|
||||
+ rv = 0;
|
||||
+ }
|
||||
+
|
||||
+ dlclose(dl);
|
||||
+
|
||||
+ return rv;
|
||||
+}
|
||||
+
|
||||
+static const char conv[] = "0123456789abcdef";
|
||||
+
|
||||
+static char *
|
||||
+bin2hex(void *buf, size_t len)
|
||||
+{
|
||||
+ char *hex, *p;
|
||||
+ unsigned char *src = buf;
|
||||
+
|
||||
+ hex = malloc(len * 2 + 1);
|
||||
+ if (hex == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ p = hex;
|
||||
+
|
||||
+ while (len > 0) {
|
||||
+ unsigned c;
|
||||
+
|
||||
+ c = *src;
|
||||
+ src++;
|
||||
+
|
||||
+ *p = conv[c >> 4];
|
||||
+ ++p;
|
||||
+ *p = conv[c & 0x0f];
|
||||
+ ++p;
|
||||
+ --len;
|
||||
+ }
|
||||
+ *p = '\0';
|
||||
+ return hex;
|
||||
+}
|
||||
+
|
||||
+#define HMAC_PREFIX "."
|
||||
+#define HMAC_SUFFIX ".hmac"
|
||||
+#define READ_BUFFER_LENGTH 16384
|
||||
+
|
||||
+static char *
|
||||
+make_hmac_path(const char *origpath)
|
||||
+{
|
||||
+ char *path, *p;
|
||||
+ const char *fn;
|
||||
+
|
||||
+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
|
||||
+ if(path == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ fn = strrchr(origpath, '/');
|
||||
+ if (fn == NULL) {
|
||||
+ fn = origpath;
|
||||
+ } else {
|
||||
+ ++fn;
|
||||
+ }
|
||||
+
|
||||
+ strncpy(path, origpath, fn-origpath);
|
||||
+ p = path + (fn - origpath);
|
||||
+ p = stpcpy(p, HMAC_PREFIX);
|
||||
+ p = stpcpy(p, fn);
|
||||
+ p = stpcpy(p, HMAC_SUFFIX);
|
||||
+
|
||||
+ return path;
|
||||
+}
|
||||
+
|
||||
+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
|
||||
+
|
||||
+static int
|
||||
+compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
+{
|
||||
+ FILE *f = NULL;
|
||||
+ int rv = -1;
|
||||
+ unsigned char rbuf[READ_BUFFER_LENGTH];
|
||||
+ size_t len;
|
||||
+ unsigned int hlen;
|
||||
+ HMAC_CTX c;
|
||||
+
|
||||
+ HMAC_CTX_init(&c);
|
||||
+
|
||||
+ f = fopen(path, "r");
|
||||
+
|
||||
+ if (f == NULL) {
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
|
||||
+
|
||||
+ while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
|
||||
+ HMAC_Update(&c, rbuf, len);
|
||||
+ }
|
||||
+
|
||||
+ len = sizeof(rbuf);
|
||||
+ /* reuse rbuf for hmac */
|
||||
+ HMAC_Final(&c, rbuf, &hlen);
|
||||
+
|
||||
+ *buf = malloc(hlen);
|
||||
+ if (*buf == NULL) {
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ *hmaclen = hlen;
|
||||
+
|
||||
+ memcpy(*buf, rbuf, hlen);
|
||||
+
|
||||
+ rv = 0;
|
||||
+end:
|
||||
+ HMAC_CTX_cleanup(&c);
|
||||
+
|
||||
+ if (f)
|
||||
+ fclose(f);
|
||||
+
|
||||
+ return rv;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+FIPSCHECK_verify(const char *libname, const char *symbolname)
|
||||
+{
|
||||
+ char path[PATH_MAX+1];
|
||||
+ int rv;
|
||||
+ FILE *hf;
|
||||
+ char *hmacpath, *p;
|
||||
+ char *hmac = NULL;
|
||||
+ size_t n;
|
||||
+
|
||||
+ rv = get_library_path(libname, symbolname, path, sizeof(path));
|
||||
+
|
||||
+ if (rv < 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ hmacpath = make_hmac_path(path);
|
||||
+
|
||||
+ hf = fopen(hmacpath, "r");
|
||||
+ if (hf == NULL) {
|
||||
+ free(hmacpath);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (getline(&hmac, &n, hf) > 0) {
|
||||
+ void *buf;
|
||||
+ size_t hmaclen;
|
||||
+ char *hex;
|
||||
+
|
||||
+ if ((p=strchr(hmac, '\n')) != NULL)
|
||||
+ *p = '\0';
|
||||
+
|
||||
+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
|
||||
+ rv = -4;
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ if ((hex=bin2hex(buf, hmaclen)) == NULL) {
|
||||
+ free(buf);
|
||||
+ rv = -5;
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ if (strcmp(hex, hmac) != 0) {
|
||||
+ rv = -1;
|
||||
+ }
|
||||
+ free(buf);
|
||||
+ free(hex);
|
||||
+ }
|
||||
+
|
||||
+end:
|
||||
+ free(hmac);
|
||||
+ free(hmacpath);
|
||||
+ fclose(hf);
|
||||
+
|
||||
+ if (rv < 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ /* check successful */
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
int FIPS_mode_set(int onoff)
|
||||
{
|
||||
int fips_set_owning_thread();
|
||||
@@ -201,6 +403,22 @@ int FIPS_mode_set(int onoff)
|
||||
}
|
||||
#endif
|
||||
|
||||
+ if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
|
||||
+ {
|
||||
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
+ fips_selftest_fail = 1;
|
||||
+ ret = 0;
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
|
||||
+ {
|
||||
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
||||
+ fips_selftest_fail = 1;
|
||||
+ ret = 0;
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
/* Perform RNG KAT before seeding */
|
||||
if (!FIPS_selftest_rng())
|
||||
{
|
||||
diff -up openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
|
||||
--- openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-08-10 20:11:59.000000000 +0200
|
||||
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
|
||||
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
|
||||
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
|
||||
const char *key)
|
||||
{
|
||||
size_t len=strlen(key);
|
||||
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
|
||||
|
||||
if (len > SHA_CBLOCK)
|
||||
{
|
||||
- SHA1_Init(md_ctx);
|
||||
- SHA1_Update(md_ctx,key,len);
|
||||
- SHA1_Final(keymd,md_ctx);
|
||||
- len=20;
|
||||
+ SHA256_Init(md_ctx);
|
||||
+ SHA256_Update(md_ctx,key,len);
|
||||
+ SHA256_Final(keymd,md_ctx);
|
||||
+ len=SHA256_DIGEST_LENGTH;
|
||||
}
|
||||
else
|
||||
memcpy(keymd,key,len);
|
||||
@@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
|
||||
|
||||
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
|
||||
pad[i]=0x36^keymd[i];
|
||||
- SHA1_Init(md_ctx);
|
||||
- SHA1_Update(md_ctx,pad,SHA_CBLOCK);
|
||||
+ SHA256_Init(md_ctx);
|
||||
+ SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
|
||||
|
||||
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
|
||||
pad[i]=0x5c^keymd[i];
|
||||
- SHA1_Init(o_ctx);
|
||||
- SHA1_Update(o_ctx,pad,SHA_CBLOCK);
|
||||
+ SHA256_Init(o_ctx);
|
||||
+ SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
|
||||
}
|
||||
|
||||
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
|
||||
+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
|
||||
{
|
||||
- unsigned char buf[20];
|
||||
+ unsigned char buf[SHA256_DIGEST_LENGTH];
|
||||
|
||||
- SHA1_Final(buf,md_ctx);
|
||||
- SHA1_Update(o_ctx,buf,sizeof buf);
|
||||
- SHA1_Final(md,o_ctx);
|
||||
+ SHA256_Final(buf,md_ctx);
|
||||
+ SHA256_Update(o_ctx,buf,sizeof buf);
|
||||
+ SHA256_Final(md,o_ctx);
|
||||
}
|
||||
|
||||
#endif
|
||||
@@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
|
||||
int main(int argc,char **argv)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
- static char key[]="etaonrishdlcupfm";
|
||||
+ static char key[]="orboDeJITITejsirpADONivirpUkvarP";
|
||||
int n,binary=0;
|
||||
|
||||
if(argc < 2)
|
||||
@@ -125,8 +125,8 @@ int main(int argc,char **argv)
|
||||
for(; n < argc ; ++n)
|
||||
{
|
||||
FILE *f=fopen(argv[n],"rb");
|
||||
- SHA_CTX md_ctx,o_ctx;
|
||||
- unsigned char md[20];
|
||||
+ SHA256_CTX md_ctx,o_ctx;
|
||||
+ unsigned char md[SHA256_DIGEST_LENGTH];
|
||||
int i;
|
||||
|
||||
if(!f)
|
||||
@@ -151,18 +151,18 @@ int main(int argc,char **argv)
|
||||
else
|
||||
break;
|
||||
}
|
||||
- SHA1_Update(&md_ctx,buf,l);
|
||||
+ SHA256_Update(&md_ctx,buf,l);
|
||||
}
|
||||
hmac_final(md,&md_ctx,&o_ctx);
|
||||
|
||||
if (binary)
|
||||
{
|
||||
- fwrite(md,20,1,stdout);
|
||||
+ fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
|
||||
break; /* ... for single(!) file */
|
||||
}
|
||||
|
||||
- printf("HMAC-SHA1(%s)= ",argv[n]);
|
||||
- for(i=0 ; i < 20 ; ++i)
|
||||
+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
|
||||
+ for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
|
||||
printf("%02x",md[i]);
|
||||
printf("\n");
|
||||
}
|
||||
diff -up openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck openssl-1.0.0-beta3/crypto/fips/Makefile
|
||||
--- openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck 2009-08-10 20:11:59.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-08-10 20:27:45.000000000 +0200
|
||||
@@ -16,6 +16,9 @@ GENERAL=Makefile
|
||||
TEST=fips_test_suite.c fips_randtest.c
|
||||
APPS=
|
||||
|
||||
+PROGRAM= fips_standalone_sha1
|
||||
+EXE= $(PROGRAM)$(EXE_EXT)
|
||||
+
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
|
||||
fips_rsa_selftest.c fips_sha1_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
|
||||
@@ -25,6 +28,8 @@ LIBOBJ=fips_aes_selftest.o fips_des_self
|
||||
fips_rsa_selftest.o fips_sha1_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
|
||||
fips_rsa_x931g.o
|
||||
|
||||
+LIBCRYPTO=-L.. -lcrypto
|
||||
+
|
||||
SRC= $(LIBSRC) fips_standalone_sha1.c
|
||||
|
||||
EXHEADER= fips.h fips_rand.h
|
||||
@@ -35,13 +40,15 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
top:
|
||||
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
|
||||
|
||||
-all: lib
|
||||
+all: lib exe
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
+exe: $(EXE)
|
||||
+
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
@@ -77,5 +84,9 @@ dclean:
|
||||
clean:
|
||||
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
||||
+$(EXE): $(PROGRAM).o
|
||||
+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
|
||||
+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
|
||||
+
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
263
openssl-1.0.0-beta3-fipsmode.patch
Normal file
263
openssl-1.0.0-beta3-fipsmode.patch
Normal file
@ -0,0 +1,263 @@
|
||||
diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c
|
||||
--- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200
|
||||
@@ -58,9 +58,23 @@
|
||||
|
||||
#include "cryptlib.h"
|
||||
#include "eng_int.h"
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+#include <openssl/fips.h>
|
||||
+#endif
|
||||
|
||||
void ENGINE_load_builtin_engines(void)
|
||||
{
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ OPENSSL_init_library();
|
||||
+ if (FIPS_mode()) {
|
||||
+ /* We allow loading dynamic engine as a third party
|
||||
+ engine might be FIPS validated.
|
||||
+ User is disallowed to load non-validated engines
|
||||
+ by security policy. */
|
||||
+ ENGINE_load_dynamic();
|
||||
+ return;
|
||||
+ }
|
||||
+#endif
|
||||
#if 0
|
||||
/* There's no longer any need for an "openssl" ENGINE unless, one day,
|
||||
* it is the *only* way for standard builtin implementations to be be
|
||||
diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c
|
||||
--- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200
|
||||
@@ -65,6 +65,11 @@
|
||||
void OpenSSL_add_all_ciphers(void)
|
||||
{
|
||||
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ OPENSSL_init_library();
|
||||
+ if(!FIPS_mode())
|
||||
+ {
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
EVP_add_cipher(EVP_des_cfb());
|
||||
EVP_add_cipher(EVP_des_cfb1());
|
||||
@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
|
||||
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
|
||||
#endif
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+#ifndef OPENSSL_NO_DES
|
||||
+ EVP_add_cipher(EVP_des_ede_cfb());
|
||||
+ EVP_add_cipher(EVP_des_ede3_cfb());
|
||||
+
|
||||
+ EVP_add_cipher(EVP_des_ede_ofb());
|
||||
+ EVP_add_cipher(EVP_des_ede3_ofb());
|
||||
+
|
||||
+ EVP_add_cipher(EVP_des_ede_cbc());
|
||||
+ EVP_add_cipher(EVP_des_ede3_cbc());
|
||||
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
|
||||
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
|
||||
+
|
||||
+ EVP_add_cipher(EVP_des_ede());
|
||||
+ EVP_add_cipher(EVP_des_ede3());
|
||||
+#endif
|
||||
+
|
||||
+#ifndef OPENSSL_NO_AES
|
||||
+ EVP_add_cipher(EVP_aes_128_ecb());
|
||||
+ EVP_add_cipher(EVP_aes_128_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_128_cfb());
|
||||
+ EVP_add_cipher(EVP_aes_128_cfb1());
|
||||
+ EVP_add_cipher(EVP_aes_128_cfb8());
|
||||
+ EVP_add_cipher(EVP_aes_128_ofb());
|
||||
+#if 0
|
||||
+ EVP_add_cipher(EVP_aes_128_ctr());
|
||||
+#endif
|
||||
+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
|
||||
+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
|
||||
+ EVP_add_cipher(EVP_aes_192_ecb());
|
||||
+ EVP_add_cipher(EVP_aes_192_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_192_cfb());
|
||||
+ EVP_add_cipher(EVP_aes_192_cfb1());
|
||||
+ EVP_add_cipher(EVP_aes_192_cfb8());
|
||||
+ EVP_add_cipher(EVP_aes_192_ofb());
|
||||
+#if 0
|
||||
+ EVP_add_cipher(EVP_aes_192_ctr());
|
||||
+#endif
|
||||
+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
|
||||
+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
|
||||
+ EVP_add_cipher(EVP_aes_256_ecb());
|
||||
+ EVP_add_cipher(EVP_aes_256_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_256_cfb());
|
||||
+ EVP_add_cipher(EVP_aes_256_cfb1());
|
||||
+ EVP_add_cipher(EVP_aes_256_cfb8());
|
||||
+ EVP_add_cipher(EVP_aes_256_ofb());
|
||||
+#if 0
|
||||
+ EVP_add_cipher(EVP_aes_256_ctr());
|
||||
+#endif
|
||||
+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
|
||||
+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
|
||||
+#endif
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c
|
||||
--- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200
|
||||
@@ -64,6 +64,11 @@
|
||||
|
||||
void OpenSSL_add_all_digests(void)
|
||||
{
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ OPENSSL_init_library();
|
||||
+ if (!FIPS_mode())
|
||||
+ {
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_MD4
|
||||
EVP_add_digest(EVP_md4());
|
||||
#endif
|
||||
@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void)
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_WHIRLPOOL
|
||||
EVP_add_digest(EVP_whirlpool());
|
||||
+#endif
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
||||
+ EVP_add_digest(EVP_sha1());
|
||||
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
||||
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
||||
+#ifndef OPENSSL_NO_DSA
|
||||
+ EVP_add_digest(EVP_dss1());
|
||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
|
||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_ECDSA
|
||||
+ EVP_add_digest(EVP_ecdsa());
|
||||
+#endif
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SHA256
|
||||
+ EVP_add_digest(EVP_sha224());
|
||||
+ EVP_add_digest(EVP_sha256());
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SHA512
|
||||
+ EVP_add_digest(EVP_sha384());
|
||||
+ EVP_add_digest(EVP_sha512());
|
||||
+#endif
|
||||
+ }
|
||||
#endif
|
||||
}
|
||||
diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c
|
||||
--- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200
|
||||
@@ -59,6 +59,43 @@
|
||||
#include <e_os.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <fcntl.h>
|
||||
+#include <unistd.h>
|
||||
+#include <errno.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <openssl/fips.h>
|
||||
+
|
||||
+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
|
||||
+
|
||||
+static void init_fips_mode(void)
|
||||
+ {
|
||||
+ char buf[2] = "0";
|
||||
+ int fd;
|
||||
+
|
||||
+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
|
||||
+ {
|
||||
+ buf[0] = '1';
|
||||
+ }
|
||||
+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
|
||||
+ {
|
||||
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
|
||||
+ close(fd);
|
||||
+ }
|
||||
+ /* Failure reading the fips mode switch file means just not
|
||||
+ * switching into FIPS mode. We would break too many things
|
||||
+ * otherwise.
|
||||
+ */
|
||||
+
|
||||
+ if (buf[0] == '1')
|
||||
+ {
|
||||
+ FIPS_mode_set(1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/* Perform any essential OpenSSL initialization operations.
|
||||
* Currently only sets FIPS callbacks
|
||||
*/
|
||||
@@ -72,6 +109,7 @@ void OPENSSL_init_library(void)
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
CRYPTO_malloc_debug_init();
|
||||
#endif
|
||||
+ init_fips_mode();
|
||||
done = 1;
|
||||
}
|
||||
#endif
|
||||
diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c
|
||||
--- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200
|
||||
@@ -64,6 +64,12 @@
|
||||
int SSL_library_init(void)
|
||||
{
|
||||
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ OPENSSL_init_library();
|
||||
+ if (!FIPS_mode())
|
||||
+ {
|
||||
+#endif
|
||||
+
|
||||
#ifndef OPENSSL_NO_DES
|
||||
EVP_add_cipher(EVP_des_cbc());
|
||||
EVP_add_cipher(EVP_des_ede3_cbc());
|
||||
@@ -115,6 +121,38 @@ int SSL_library_init(void)
|
||||
EVP_add_digest(EVP_sha());
|
||||
EVP_add_digest(EVP_dss());
|
||||
#endif
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+#ifndef OPENSSL_NO_DES
|
||||
+ EVP_add_cipher(EVP_des_ede3_cbc());
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_AES
|
||||
+ EVP_add_cipher(EVP_aes_128_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_192_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_256_cbc());
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_MD5
|
||||
+ /* needed even in the FIPS mode for TLS MAC */
|
||||
+ EVP_add_digest(EVP_md5());
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_SHA
|
||||
+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
|
||||
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
||||
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
||||
+#endif
|
||||
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
|
||||
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
|
||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
|
||||
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_ECDSA
|
||||
+ EVP_add_digest(EVP_ecdsa());
|
||||
+#endif
|
||||
+ }
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
/* This will initialise the built-in compression algorithms.
|
||||
The value returned is a STACK_OF(SSL_COMP), but that can
|
79
openssl-1.0.0-beta3-fipsrng.patch
Normal file
79
openssl-1.0.0-beta3-fipsrng.patch
Normal file
@ -0,0 +1,79 @@
|
||||
diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips.c
|
||||
--- openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-11 18:14:36.000000000 +0200
|
||||
@@ -427,22 +427,22 @@ int FIPS_mode_set(int onoff)
|
||||
goto end;
|
||||
}
|
||||
|
||||
+ /* now switch the RNG into FIPS mode */
|
||||
+ fips_set_rand_check(FIPS_rand_method());
|
||||
+ RAND_set_rand_method(FIPS_rand_method());
|
||||
+
|
||||
/* automagically seed PRNG if not already seeded */
|
||||
if(!FIPS_rand_status())
|
||||
{
|
||||
- if(RAND_bytes(buf,sizeof buf) <= 0)
|
||||
+ RAND_poll();
|
||||
+ if (!FIPS_rand_status())
|
||||
{
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
- FIPS_rand_set_key(buf,32);
|
||||
- FIPS_rand_seed(buf+32,16);
|
||||
}
|
||||
|
||||
- /* now switch into FIPS mode */
|
||||
- fips_set_rand_check(FIPS_rand_method());
|
||||
- RAND_set_rand_method(FIPS_rand_method());
|
||||
if(FIPS_selftest())
|
||||
fips_set_mode(1);
|
||||
else
|
||||
diff -up openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips_rand.c
|
||||
--- openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-08-11 18:16:48.000000000 +0200
|
||||
@@ -155,7 +155,18 @@ static int fips_set_prng_seed(FIPS_PRNG_
|
||||
{
|
||||
int i;
|
||||
if (!ctx->keyed)
|
||||
- return 0;
|
||||
+ {
|
||||
+ FIPS_RAND_SIZE_T keylen = 16;
|
||||
+
|
||||
+ if (seedlen - keylen < AES_BLOCK_LENGTH)
|
||||
+ return 0;
|
||||
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
|
||||
+ keylen += 8;
|
||||
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
|
||||
+ keylen += 8;
|
||||
+ seedlen -= keylen;
|
||||
+ fips_set_prng_key(ctx, seed+seedlen, keylen);
|
||||
+ }
|
||||
/* In test mode seed is just supplied data */
|
||||
if (ctx->test_mode)
|
||||
{
|
||||
@@ -276,6 +287,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
|
||||
unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
|
||||
unsigned char tmp[AES_BLOCK_LENGTH];
|
||||
int i;
|
||||
+ FIPS_selftest_check();
|
||||
if (ctx->error)
|
||||
{
|
||||
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
|
||||
diff -up openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng openssl-1.0.0-beta3/crypto/rand/rand_lcl.h
|
||||
--- openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng 2009-08-11 18:12:13.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/crypto/rand/rand_lcl.h 2009-08-11 18:18:13.000000000 +0200
|
||||
@@ -112,8 +112,11 @@
|
||||
#ifndef HEADER_RAND_LCL_H
|
||||
#define HEADER_RAND_LCL_H
|
||||
|
||||
+#ifndef OPENSSL_FIPS
|
||||
#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
|
||||
-
|
||||
+#else
|
||||
+#define ENTROPY_NEEDED 48 /* we need 48 bytes of randomness for FIPS rng */
|
||||
+#endif
|
||||
|
||||
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
|
||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
506
openssl-1.0.0-beta3-ipv6-apps.patch
Normal file
506
openssl-1.0.0-beta3-ipv6-apps.patch
Normal file
@ -0,0 +1,506 @@
|
||||
diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
|
||||
--- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/s_apps.h 2009-08-05 21:29:58.000000000 +0200
|
||||
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
||||
#define PORT_STR "4433"
|
||||
#define PROTOCOL "tcp"
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
#ifdef HEADER_X509_H
|
||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#endif
|
||||
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
||||
#endif
|
||||
-int init_client(int *sock, char *server, int port, int type);
|
||||
+int init_client(int *sock, char *server, char *port, int type);
|
||||
int should_retry(int i);
|
||||
-int extract_port(char *str, short *port_ptr);
|
||||
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
|
||||
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
||||
|
||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
|
||||
--- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 22:33:44.000000000 +0200
|
||||
@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
fd_set readfds,writefds;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
int full_log=1;
|
||||
char *host=SSL_HOST_NAME;
|
||||
char *cert_file=NULL,*key_file=NULL;
|
||||
@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-port") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- port=atoi(*(++argv));
|
||||
- if (port == 0) goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-connect") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_host_port(*(++argv),&host,NULL,&port))
|
||||
+ if (!extract_host_port(*(++argv),&host,&port_str))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
@@ -956,7 +955,7 @@ bad:
|
||||
|
||||
re_start:
|
||||
|
||||
- if (init_client(&s,host,port,socket_type) == 0)
|
||||
+ if (init_client(&s,host,port_str,socket_type) == 0)
|
||||
{
|
||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||
SHUTDOWN(s);
|
||||
diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
|
||||
--- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 21:29:58.000000000 +0200
|
||||
@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
|
||||
{
|
||||
X509_VERIFY_PARAM *vpm = NULL;
|
||||
int badarg = 0;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
unsigned char *context = NULL;
|
||||
char *dhfile = NULL;
|
||||
@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
|
||||
(strcmp(*argv,"-accept") == 0))
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_port(*(++argv),&port))
|
||||
- goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
{
|
||||
@@ -1685,9 +1684,9 @@ bad:
|
||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||
(void)BIO_flush(bio_s_out);
|
||||
if (www)
|
||||
- do_server(port,socket_type,&accept_socket,www_body, context);
|
||||
+ do_server(port_str,socket_type,&accept_socket,www_body, context);
|
||||
else
|
||||
- do_server(port,socket_type,&accept_socket,sv_body, context);
|
||||
+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
|
||||
print_stats(bio_s_out,ctx);
|
||||
ret=0;
|
||||
end:
|
||||
diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
|
||||
--- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps 2008-11-12 04:57:47.000000000 +0100
|
||||
+++ openssl-1.0.0-beta3/apps/s_socket.c 2009-08-05 21:29:58.000000000 +0200
|
||||
@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
|
||||
static void ssl_sock_cleanup(void);
|
||||
#endif
|
||||
static int ssl_sock_init(void);
|
||||
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
|
||||
-static int init_server(int *sock, int port, int type);
|
||||
-static int init_server_long(int *sock, int port,char *ip, int type);
|
||||
+static int init_server(int *sock, char *port, int type);
|
||||
static int do_accept(int acc_sock, int *sock, char **host);
|
||||
static int host_ip(char *str, unsigned char ip[4]);
|
||||
|
||||
@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
|
||||
return(1);
|
||||
}
|
||||
|
||||
-int init_client(int *sock, char *host, int port, int type)
|
||||
+int init_client(int *sock, char *host, char *port, int type)
|
||||
{
|
||||
- unsigned char ip[4];
|
||||
-
|
||||
- if (!host_ip(host,&(ip[0])))
|
||||
- {
|
||||
- return(0);
|
||||
- }
|
||||
- return(init_client_ip(sock,ip,port,type));
|
||||
- }
|
||||
-
|
||||
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
|
||||
- {
|
||||
- unsigned long addr;
|
||||
- struct sockaddr_in them;
|
||||
- int s,i;
|
||||
+ struct addrinfo *res, *res0, hints;
|
||||
+ char * failed_call = NULL;
|
||||
+ int s;
|
||||
+ int e;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
- memset((char *)&them,0,sizeof(them));
|
||||
- them.sin_family=AF_INET;
|
||||
- them.sin_port=htons((unsigned short)port);
|
||||
- addr=(unsigned long)
|
||||
- ((unsigned long)ip[0]<<24L)|
|
||||
- ((unsigned long)ip[1]<<16L)|
|
||||
- ((unsigned long)ip[2]<< 8L)|
|
||||
- ((unsigned long)ip[3]);
|
||||
- them.sin_addr.s_addr=htonl(addr);
|
||||
-
|
||||
- if (type == SOCK_STREAM)
|
||||
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
- else /* ( type == SOCK_DGRAM) */
|
||||
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
|
||||
-
|
||||
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||
+ memset(&hints, '\0', sizeof(hints));
|
||||
+ hints.ai_socktype = type;
|
||||
+ hints.ai_flags = AI_ADDRCONFIG;
|
||||
+
|
||||
+ e = getaddrinfo(host, port, &hints, &res);
|
||||
+ if (e)
|
||||
+ {
|
||||
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
|
||||
+ if (e == EAI_SYSTEM)
|
||||
+ perror("getaddrinfo");
|
||||
+ return (0);
|
||||
+ }
|
||||
|
||||
+ res0 = res;
|
||||
+ while (res)
|
||||
+ {
|
||||
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
|
||||
+ if (s == INVALID_SOCKET)
|
||||
+ {
|
||||
+ failed_call = "socket";
|
||||
+ goto nextres;
|
||||
+ }
|
||||
#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
|
||||
if (type == SOCK_STREAM)
|
||||
{
|
||||
- i=0;
|
||||
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||
- if (i < 0) { perror("keepalive"); return(0); }
|
||||
+ int i=0;
|
||||
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
|
||||
+ (char *)&i,sizeof(i));
|
||||
+ if (i < 0) {
|
||||
+ failed_call = "keepalive";
|
||||
+ goto nextres;
|
||||
+ }
|
||||
}
|
||||
#endif
|
||||
-
|
||||
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
|
||||
- { closesocket(s); perror("connect"); return(0); }
|
||||
+ if (connect(s,(struct sockaddr *)res->ai_addr,
|
||||
+ res->ai_addrlen) == 0)
|
||||
+ {
|
||||
+ freeaddrinfo(res0);
|
||||
*sock=s;
|
||||
return(1);
|
||||
}
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
+ failed_call = "socket";
|
||||
+nextres:
|
||||
+ if (s != INVALID_SOCKET)
|
||||
+ close(s);
|
||||
+ res = res->ai_next;
|
||||
+ }
|
||||
+ freeaddrinfo(res0);
|
||||
+
|
||||
+ perror(failed_call);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
{
|
||||
int sock;
|
||||
char *name = NULL;
|
||||
@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
|
||||
}
|
||||
}
|
||||
|
||||
-static int init_server_long(int *sock, int port, char *ip, int type)
|
||||
+static int init_server(int *sock, char *port, int type)
|
||||
{
|
||||
- int ret=0;
|
||||
- struct sockaddr_in server;
|
||||
- int s= -1,i;
|
||||
+ struct addrinfo *res, *res0, hints;
|
||||
+ char * failed_call = NULL;
|
||||
+ char port_name[8];
|
||||
+ int s;
|
||||
+ int e;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
- memset((char *)&server,0,sizeof(server));
|
||||
- server.sin_family=AF_INET;
|
||||
- server.sin_port=htons((unsigned short)port);
|
||||
- if (ip == NULL)
|
||||
- server.sin_addr.s_addr=INADDR_ANY;
|
||||
- else
|
||||
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
|
||||
-#ifndef BIT_FIELD_LIMITS
|
||||
- memcpy(&server.sin_addr.s_addr,ip,4);
|
||||
-#else
|
||||
- memcpy(&server.sin_addr,ip,4);
|
||||
-#endif
|
||||
+ memset(&hints, '\0', sizeof(hints));
|
||||
+ hints.ai_socktype = type;
|
||||
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
||||
|
||||
- if (type == SOCK_STREAM)
|
||||
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
- else /* type == SOCK_DGRAM */
|
||||
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
|
||||
+ e = getaddrinfo(NULL, port, &hints, &res);
|
||||
+ if (e)
|
||||
+ {
|
||||
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
|
||||
+ if (e == EAI_SYSTEM)
|
||||
+ perror("getaddrinfo");
|
||||
+ return (0);
|
||||
+ }
|
||||
|
||||
- if (s == INVALID_SOCKET) goto err;
|
||||
+ res0 = res;
|
||||
+ while (res)
|
||||
+ {
|
||||
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
|
||||
+ if (s == INVALID_SOCKET)
|
||||
+ {
|
||||
+ failed_call = "socket";
|
||||
+ goto nextres;
|
||||
+ }
|
||||
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||
{
|
||||
int j = 1;
|
||||
@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
|
||||
(void *) &j, sizeof j);
|
||||
}
|
||||
#endif
|
||||
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
|
||||
+
|
||||
+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
|
||||
{
|
||||
-#ifndef OPENSSL_SYS_WINDOWS
|
||||
- perror("bind");
|
||||
-#endif
|
||||
- goto err;
|
||||
+ failed_call = "bind";
|
||||
+ goto nextres;
|
||||
}
|
||||
- /* Make it 128 for linux */
|
||||
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
|
||||
- i=0;
|
||||
- *sock=s;
|
||||
- ret=1;
|
||||
-err:
|
||||
- if ((ret == 0) && (s != -1))
|
||||
+ if (type==SOCK_STREAM && listen(s,128) == -1)
|
||||
{
|
||||
- SHUTDOWN(s);
|
||||
+ failed_call = "listen";
|
||||
+ goto nextres;
|
||||
}
|
||||
- return(ret);
|
||||
+
|
||||
+ *sock=s;
|
||||
+ return(1);
|
||||
+
|
||||
+nextres:
|
||||
+ if (s != INVALID_SOCKET)
|
||||
+ close(s);
|
||||
+ res = res->ai_next;
|
||||
}
|
||||
+ freeaddrinfo(res0);
|
||||
|
||||
-static int init_server(int *sock, int port, int type)
|
||||
- {
|
||||
- return(init_server_long(sock, port, NULL, type));
|
||||
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||
+
|
||||
+ perror(failed_call);
|
||||
+ return(0);
|
||||
}
|
||||
|
||||
static int do_accept(int acc_sock, int *sock, char **host)
|
||||
{
|
||||
- int ret,i;
|
||||
- struct hostent *h1,*h2;
|
||||
- static struct sockaddr_in from;
|
||||
+ static struct sockaddr_storage from;
|
||||
+ char buffer[NI_MAXHOST];
|
||||
+ int ret;
|
||||
int len;
|
||||
/* struct linger ling; */
|
||||
|
||||
@@ -425,137 +443,62 @@ redoit:
|
||||
if (i < 0) { perror("keepalive"); return(0); }
|
||||
*/
|
||||
|
||||
- if (host == NULL) goto end;
|
||||
-#ifndef BIT_FIELD_LIMITS
|
||||
- /* I should use WSAAsyncGetHostByName() under windows */
|
||||
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
|
||||
- sizeof(from.sin_addr.s_addr),AF_INET);
|
||||
-#else
|
||||
- h1=gethostbyaddr((char *)&from.sin_addr,
|
||||
- sizeof(struct in_addr),AF_INET);
|
||||
-#endif
|
||||
- if (h1 == NULL)
|
||||
+ if (host == NULL)
|
||||
{
|
||||
- BIO_printf(bio_err,"bad gethostbyaddr\n");
|
||||
- *host=NULL;
|
||||
- /* return(0); */
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
|
||||
- {
|
||||
- perror("OPENSSL_malloc");
|
||||
+ *sock=ret;
|
||||
return(0);
|
||||
}
|
||||
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
|
||||
|
||||
- h2=GetHostByName(*host);
|
||||
- if (h2 == NULL)
|
||||
+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
|
||||
+ buffer, sizeof(buffer),
|
||||
+ NULL, 0, 0))
|
||||
{
|
||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||
+ BIO_printf(bio_err,"getnameinfo failed\n");
|
||||
+ *host=NULL;
|
||||
return(0);
|
||||
}
|
||||
- i=0;
|
||||
- if (h2->h_addrtype != AF_INET)
|
||||
+ else
|
||||
{
|
||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
|
||||
+ {
|
||||
+ perror("OPENSSL_malloc");
|
||||
return(0);
|
||||
}
|
||||
- }
|
||||
-end:
|
||||
+ strcpy(*host, buffer);
|
||||
*sock=ret;
|
||||
return(1);
|
||||
}
|
||||
+ }
|
||||
|
||||
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
|
||||
- short *port_ptr)
|
||||
+int extract_host_port(char *str, char **host_ptr,
|
||||
+ char **port_ptr)
|
||||
{
|
||||
- char *h,*p;
|
||||
+ char *h,*p,*x;
|
||||
|
||||
- h=str;
|
||||
- p=strchr(str,':');
|
||||
+ x=h=str;
|
||||
+ if (*h == '[')
|
||||
+ {
|
||||
+ h++;
|
||||
+ p=strchr(h,']');
|
||||
if (p == NULL)
|
||||
{
|
||||
- BIO_printf(bio_err,"no port defined\n");
|
||||
+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
|
||||
return(0);
|
||||
}
|
||||
*(p++)='\0';
|
||||
-
|
||||
- if ((ip != NULL) && !host_ip(str,ip))
|
||||
- goto err;
|
||||
- if (host_ptr != NULL) *host_ptr=h;
|
||||
-
|
||||
- if (!extract_port(p,port_ptr))
|
||||
- goto err;
|
||||
- return(1);
|
||||
-err:
|
||||
- return(0);
|
||||
+ x = p;
|
||||
}
|
||||
-
|
||||
-static int host_ip(char *str, unsigned char ip[4])
|
||||
- {
|
||||
- unsigned int in[4];
|
||||
- int i;
|
||||
-
|
||||
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
|
||||
- {
|
||||
- for (i=0; i<4; i++)
|
||||
- if (in[i] > 255)
|
||||
- {
|
||||
- BIO_printf(bio_err,"invalid IP address\n");
|
||||
- goto err;
|
||||
- }
|
||||
- ip[0]=in[0];
|
||||
- ip[1]=in[1];
|
||||
- ip[2]=in[2];
|
||||
- ip[3]=in[3];
|
||||
- }
|
||||
- else
|
||||
- { /* do a gethostbyname */
|
||||
- struct hostent *he;
|
||||
-
|
||||
- if (!ssl_sock_init()) return(0);
|
||||
-
|
||||
- he=GetHostByName(str);
|
||||
- if (he == NULL)
|
||||
- {
|
||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||
- goto err;
|
||||
- }
|
||||
- /* cast to short because of win16 winsock definition */
|
||||
- if ((short)he->h_addrtype != AF_INET)
|
||||
+ p=strchr(x,':');
|
||||
+ if (p == NULL)
|
||||
{
|
||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||
- return(0);
|
||||
- }
|
||||
- ip[0]=he->h_addr_list[0][0];
|
||||
- ip[1]=he->h_addr_list[0][1];
|
||||
- ip[2]=he->h_addr_list[0][2];
|
||||
- ip[3]=he->h_addr_list[0][3];
|
||||
- }
|
||||
- return(1);
|
||||
-err:
|
||||
+ BIO_printf(bio_err,"no port defined\n");
|
||||
return(0);
|
||||
}
|
||||
+ *(p++)='\0';
|
||||
|
||||
-int extract_port(char *str, short *port_ptr)
|
||||
- {
|
||||
- int i;
|
||||
- struct servent *s;
|
||||
+ if (host_ptr != NULL) *host_ptr=h;
|
||||
+ if (port_ptr != NULL) *port_ptr=p;
|
||||
|
||||
- i=atoi(str);
|
||||
- if (i != 0)
|
||||
- *port_ptr=(unsigned short)i;
|
||||
- else
|
||||
- {
|
||||
- s=getservbyname(str,"tcp");
|
||||
- if (s == NULL)
|
||||
- {
|
||||
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
|
||||
- return(0);
|
||||
- }
|
||||
- *port_ptr=ntohs((unsigned short)s->s_port);
|
||||
- }
|
||||
return(1);
|
||||
}
|
||||
|
12
openssl-1.0.0-beta3-krb5.patch
Normal file
12
openssl-1.0.0-beta3-krb5.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.0.0-beta3/Makefile.org.krb5 openssl-1.0.0-beta3/Makefile.org
|
||||
--- openssl-1.0.0-beta3/Makefile.org.krb5 2009-04-23 18:12:09.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:01:16.000000000 +0200
|
||||
@@ -299,7 +299,7 @@ build-shared: do_$(SHLIB_TARGET) link-sh
|
||||
|
||||
do_$(SHLIB_TARGET):
|
||||
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
|
||||
- if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
|
||||
+ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
|
||||
libs="$(LIBKRB5) $$libs"; \
|
||||
fi; \
|
||||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
253
openssl-1.0.0-beta3-namingblk.patch
Normal file
253
openssl-1.0.0-beta3-namingblk.patch
Normal file
@ -0,0 +1,253 @@
|
||||
Index: openssl/crypto/asn1/a_set.c
|
||||
RCS File: /v/openssl/cvs/openssl/crypto/asn1/a_set.c,v
|
||||
rcsdiff -q -kk '-r1.20' '-r1.20.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/a_set.c,v' 2>/dev/null
|
||||
--- openssl/crypto/asn1/a_set.c 2009/01/01 18:30:50 1.20
|
||||
+++ openssl/crypto/asn1/a_set.c 2009/07/27 21:21:25 1.20.2.1
|
||||
@@ -85,7 +85,7 @@
|
||||
}
|
||||
|
||||
/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
|
||||
-int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
|
||||
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
|
||||
i2d_of_void *i2d, int ex_tag, int ex_class,
|
||||
int is_set)
|
||||
{
|
||||
@@ -97,8 +97,8 @@
|
||||
int totSize;
|
||||
|
||||
if (a == NULL) return(0);
|
||||
- for (i=sk_BLOCK_num(a)-1; i>=0; i--)
|
||||
- ret+=i2d(sk_BLOCK_value(a,i),NULL);
|
||||
+ for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
|
||||
+ ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
|
||||
r=ASN1_object_size(1,ret,ex_tag);
|
||||
if (pp == NULL) return(r);
|
||||
|
||||
@@ -109,10 +109,10 @@
|
||||
/* And then again by Ben */
|
||||
/* And again by Steve */
|
||||
|
||||
- if(!is_set || (sk_BLOCK_num(a) < 2))
|
||||
+ if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
|
||||
{
|
||||
- for (i=0; i<sk_BLOCK_num(a); i++)
|
||||
- i2d(sk_BLOCK_value(a,i),&p);
|
||||
+ for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
|
||||
+ i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
|
||||
|
||||
*pp=p;
|
||||
return(r);
|
||||
@@ -120,17 +120,17 @@
|
||||
|
||||
pStart = p; /* Catch the beg of Setblobs*/
|
||||
/* In this array we will store the SET blobs */
|
||||
- rgSetBlob = OPENSSL_malloc(sk_BLOCK_num(a) * sizeof(MYBLOB));
|
||||
+ rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
|
||||
if (rgSetBlob == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
|
||||
return(0);
|
||||
}
|
||||
|
||||
- for (i=0; i<sk_BLOCK_num(a); i++)
|
||||
+ for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
|
||||
{
|
||||
rgSetBlob[i].pbData = p; /* catch each set encode blob */
|
||||
- i2d(sk_BLOCK_value(a,i),&p);
|
||||
+ i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
|
||||
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
|
||||
SetBlob
|
||||
*/
|
||||
@@ -140,7 +140,7 @@
|
||||
|
||||
/* Now we have to sort the blobs. I am using a simple algo.
|
||||
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
|
||||
- qsort( rgSetBlob, sk_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
|
||||
+ qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
|
||||
if (!(pTempMem = OPENSSL_malloc(totSize)))
|
||||
{
|
||||
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
|
||||
@@ -149,7 +149,7 @@
|
||||
|
||||
/* Copy to temp mem */
|
||||
p = pTempMem;
|
||||
- for(i=0; i<sk_BLOCK_num(a); ++i)
|
||||
+ for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
|
||||
{
|
||||
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
|
||||
p += rgSetBlob[i].cbData;
|
||||
@@ -163,17 +163,18 @@
|
||||
return(r);
|
||||
}
|
||||
|
||||
-STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
|
||||
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
|
||||
+ const unsigned char **pp,
|
||||
long length, d2i_of_void *d2i,
|
||||
- void (*free_func)(BLOCK), int ex_tag,
|
||||
+ void (*free_func)(OPENSSL_BLOCK), int ex_tag,
|
||||
int ex_class)
|
||||
{
|
||||
ASN1_const_CTX c;
|
||||
- STACK_OF(BLOCK) *ret=NULL;
|
||||
+ STACK_OF(OPENSSL_BLOCK) *ret=NULL;
|
||||
|
||||
if ((a == NULL) || ((*a) == NULL))
|
||||
{
|
||||
- if ((ret=sk_BLOCK_new_null()) == NULL)
|
||||
+ if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
@@ -221,7 +222,7 @@
|
||||
asn1_add_error(*pp,(int)(c.p- *pp));
|
||||
goto err;
|
||||
}
|
||||
- if (!sk_BLOCK_push(ret,s)) goto err;
|
||||
+ if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
|
||||
}
|
||||
if (a != NULL) (*a)=ret;
|
||||
*pp=c.p;
|
||||
@@ -230,9 +231,9 @@
|
||||
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
|
||||
{
|
||||
if (free_func != NULL)
|
||||
- sk_BLOCK_pop_free(ret,free_func);
|
||||
+ sk_OPENSSL_BLOCK_pop_free(ret,free_func);
|
||||
else
|
||||
- sk_BLOCK_free(ret);
|
||||
+ sk_OPENSSL_BLOCK_free(ret);
|
||||
}
|
||||
return(NULL);
|
||||
}
|
||||
Index: openssl/crypto/asn1/asn1.h
|
||||
RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn1.h,v
|
||||
rcsdiff -q -kk '-r1.166.2.3' '-r1.166.2.4' -u '/v/openssl/cvs/openssl/crypto/asn1/asn1.h,v' 2>/dev/null
|
||||
--- openssl/crypto/asn1/asn1.h 2009/07/24 11:15:55 1.166.2.3
|
||||
+++ openssl/crypto/asn1/asn1.h 2009/07/27 21:21:25 1.166.2.4
|
||||
@@ -887,12 +887,13 @@
|
||||
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
|
||||
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
|
||||
|
||||
-int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
|
||||
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
|
||||
i2d_of_void *i2d, int ex_tag, int ex_class,
|
||||
int is_set);
|
||||
-STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
|
||||
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
|
||||
+ const unsigned char **pp,
|
||||
long length, d2i_of_void *d2i,
|
||||
- void (*free_func)(BLOCK), int ex_tag,
|
||||
+ void (*free_func)(OPENSSL_BLOCK), int ex_tag,
|
||||
int ex_class);
|
||||
|
||||
#ifndef OPENSSL_NO_BIO
|
||||
@@ -1045,9 +1046,9 @@
|
||||
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
|
||||
unsigned char *data, int max_len);
|
||||
|
||||
-STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
|
||||
- d2i_of_void *d2i, void (*free_func)(BLOCK));
|
||||
-unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
|
||||
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
|
||||
+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
|
||||
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
|
||||
unsigned char **buf, int *len );
|
||||
void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
|
||||
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
|
||||
Index: openssl/crypto/asn1/asn_pack.c
|
||||
RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v
|
||||
rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v' 2>/dev/null
|
||||
--- openssl/crypto/asn1/asn_pack.c 2008/11/12 03:57:49 1.19
|
||||
+++ openssl/crypto/asn1/asn_pack.c 2009/07/27 21:21:25 1.19.2.1
|
||||
@@ -66,10 +66,10 @@
|
||||
|
||||
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
|
||||
|
||||
-STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
|
||||
- d2i_of_void *d2i, void (*free_func)(BLOCK))
|
||||
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
|
||||
+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
|
||||
{
|
||||
- STACK_OF(BLOCK) *sk;
|
||||
+ STACK_OF(OPENSSL_BLOCK) *sk;
|
||||
const unsigned char *pbuf;
|
||||
pbuf = buf;
|
||||
if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
|
||||
@@ -82,7 +82,7 @@
|
||||
* OPENSSL_malloc'ed buffer
|
||||
*/
|
||||
|
||||
-unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
|
||||
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
|
||||
unsigned char **buf, int *len)
|
||||
{
|
||||
int safelen;
|
||||
Index: openssl/crypto/stack/safestack.h
|
||||
RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v
|
||||
rcsdiff -q -kk '-r1.72.2.4' '-r1.72.2.5' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null
|
||||
--- openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4
|
||||
+++ openssl/crypto/stack/safestack.h 2009/07/27 21:21:25 1.72.2.5
|
||||
@@ -128,8 +128,8 @@
|
||||
* nul-terminated. These should also be distinguished from "normal"
|
||||
* stacks. */
|
||||
|
||||
-typedef void *BLOCK;
|
||||
-DECLARE_SPECIAL_STACK_OF(BLOCK, void)
|
||||
+typedef void *OPENSSL_BLOCK;
|
||||
+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
|
||||
|
||||
/* SKM_sk_... stack macros are internal to safestack.h:
|
||||
* never use them directly, use sk_<type>_... instead */
|
||||
@@ -2055,29 +2055,29 @@
|
||||
#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
|
||||
|
||||
|
||||
-#define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
|
||||
-#define sk_BLOCK_new_null() ((STACK_OF(BLOCK) *)sk_new_null())
|
||||
-#define sk_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
|
||||
-#define sk_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
|
||||
-#define sk_BLOCK_value(st, i) ((BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(BLOCK), st), i))
|
||||
-#define sk_BLOCK_num(st) SKM_sk_num(BLOCK, st)
|
||||
-#define sk_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_FREE_FUNC2(BLOCK, free_func))
|
||||
-#define sk_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val), i)
|
||||
-#define sk_BLOCK_free(st) SKM_sk_free(BLOCK, st)
|
||||
-#define sk_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), i, CHECKED_PTR_OF(void, val))
|
||||
-#define sk_BLOCK_zero(st) SKM_sk_zero(BLOCK, (st))
|
||||
-#define sk_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
|
||||
-#define sk_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
|
||||
-#define sk_BLOCK_delete(st, i) SKM_sk_delete(BLOCK, (st), (i))
|
||||
-#define sk_BLOCK_delete_ptr(st, ptr) (BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, ptr))
|
||||
-#define sk_BLOCK_set_cmp_func(st, cmp) \
|
||||
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
|
||||
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
|
||||
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
|
||||
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
|
||||
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
|
||||
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
|
||||
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
|
||||
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
|
||||
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
|
||||
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
|
||||
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
|
||||
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
|
||||
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
|
||||
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
|
||||
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
|
||||
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \
|
||||
((int (*)(const void * const *,const void * const *)) \
|
||||
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
|
||||
-#define sk_BLOCK_dup(st) SKM_sk_dup(BLOCK, st)
|
||||
-#define sk_BLOCK_shift(st) SKM_sk_shift(BLOCK, (st))
|
||||
-#define sk_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st))
|
||||
-#define sk_BLOCK_sort(st) SKM_sk_sort(BLOCK, (st))
|
||||
-#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st))
|
||||
+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
|
||||
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
|
||||
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
|
||||
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
|
||||
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
|
||||
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
|
||||
|
||||
|
||||
#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
|
1663
openssl-1.0.0-beta3-namingstr.patch
Normal file
1663
openssl-1.0.0-beta3-namingstr.patch
Normal file
File diff suppressed because it is too large
Load Diff
59
openssl-1.0.0-beta3-redhat.patch
Normal file
59
openssl-1.0.0-beta3-redhat.patch
Normal file
@ -0,0 +1,59 @@
|
||||
diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure
|
||||
--- openssl-1.0.0-beta3/Configure.redhat 2009-07-08 10:50:52.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/Configure 2009-08-04 22:46:59.000000000 +0200
|
||||
@@ -331,32 +331,32 @@ my %table=(
|
||||
####
|
||||
# *-generic* is endian-neutral target, but ./config is free to
|
||||
# throw in -D[BL]_ENDIAN, whichever appropriate...
|
||||
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# It's believed that majority of ARM toolchains predefine appropriate -march.
|
||||
# If you compiler does not, do complement config command line with one!
|
||||
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
#### IA-32 targets...
|
||||
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
|
||||
####
|
||||
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):\$(SHLIB_SONAMEVER)",
|
||||
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
-"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
+"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
#### SPARC Linux setups
|
||||
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
||||
# assisted with debugging of following two configs.
|
||||
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# it's a real mess with -mcpu=ultrasparc option under Linux, but
|
||||
# -Wa,-Av8plus should do the trick no matter what.
|
||||
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# GCC 3.1 is a requirement
|
||||
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
#### Alpha Linux with GNU C and Compaq C setups
|
||||
# Special notes:
|
||||
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
|
||||
@@ -370,8 +370,8 @@ my %table=(
|
||||
#
|
||||
# <appro@fy.chalmers.se>
|
||||
#
|
||||
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
|
||||
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
|
||||
|
44
openssl-1.0.0-beta3-soversion.patch
Normal file
44
openssl-1.0.0-beta3-soversion.patch
Normal file
@ -0,0 +1,44 @@
|
||||
diff -up openssl-1.0.0-beta3/Configure.soversion openssl-1.0.0-beta3/Configure
|
||||
--- openssl-1.0.0-beta3/Configure.soversion 2009-08-04 23:06:52.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/Configure 2009-08-04 23:06:52.000000000 +0200
|
||||
@@ -1514,7 +1514,7 @@ while (<IN>)
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
||||
{
|
||||
my $sotmp = $1;
|
||||
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
|
||||
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
||||
{
|
||||
diff -up openssl-1.0.0-beta3/Makefile.org.soversion openssl-1.0.0-beta3/Makefile.org
|
||||
--- openssl-1.0.0-beta3/Makefile.org.soversion 2009-08-04 23:06:52.000000000 +0200
|
||||
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:11:01.000000000 +0200
|
||||
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
|
||||
SHLIB_MAJOR=
|
||||
SHLIB_MINOR=
|
||||
SHLIB_EXT=
|
||||
+SHLIB_SONAMEVER=10
|
||||
PLATFORM=dist
|
||||
OPTIONS=
|
||||
CONFIGURE_ARGS=
|
||||
@@ -289,10 +290,9 @@ clean-shared:
|
||||
link-shared:
|
||||
@ set -e; for i in $(SHLIBDIRS); do \
|
||||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
||||
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
|
||||
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
|
||||
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
|
||||
symlink.$(SHLIB_TARGET); \
|
||||
- libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
build-shared: do_$(SHLIB_TARGET) link-shared
|
||||
@@ -303,7 +303,7 @@ do_$(SHLIB_TARGET):
|
||||
libs="$(LIBKRB5) $$libs"; \
|
||||
fi; \
|
||||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
||||
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
|
||||
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
|
||||
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
|
||||
LIBDEPS="$$libs $(EX_LIBS)" \
|
||||
link_a.$(SHLIB_TARGET); \
|
Loading…
Reference in New Issue
Block a user