webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssl: Update to 1.0.1e.

Browse Source 
Contains also the old openssl-0.9.8 libs for compatibility purposes.
This commit is contained in:
Erik Kapfer
2013-12-23 17:23:17 +01:00
committed by Michael Tremer
parent 4176a1bada
commit 0f90adc0aa
10 changed files with 1786 additions and 1103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1116
config/rootfiles/common/openssl
View File

File diff suppressed because it is too large Load Diff

2
config/rootfiles/common/openssl-compat Normal file
View File

@@ -0,0 +1,2 @@
usr/lib/libcrypto.so.0.9.8
usr/lib/libssl.so.0.9.8

69
lfs/openssl
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 0.9.8y
VER = 1.0.1e
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,6 +32,17 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586"
CONFIGURE_ARGS = linux-elf no-asm 386
endif
ifeq "$(MACHINE)" "armv5tel"
CONFIGURE_ARGS = linux-generic32
endif
CFLAGS += -DPURIFY
export RPM_OPT_FLAGS = $(CFLAGS)
###############################################################################
# Top-level Rules
###############################################################################
@@ -40,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 47c7fb37f78c970f1d30aa2f9e9e26d8
$(DL_FILE)_MD5 = 66bf6f10f060d561929de96f9dfe5b8c
install : $(TARGET)
@@ -70,15 +81,49 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch
@rm -rf /etc/ssl
cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
cd $(DIR_APP) && ./Configure --openssldir=/etc/ssl --prefix=/usr shared linux-elf \
zlib-dynamic no-asm 386 -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGEST
cd $(DIR_APP) && make MANDIR=/usr/share/man
cd $(DIR_APP) && make MANDIR=/usr/share/man install
rm -rf /etc/ssl/lib
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_pod_syntax-1.patch
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
cd $(DIR_APP) && ./Configure \
--prefix=/usr \
--openssldir=/etc/ssl \
--enginesdir=/usr/lib/openssl/engines \
shared \
zlib-dynamic \
enable-camellia \
enable-md2 \
enable-seed \
enable-tlsext \
enable-rfc3779 \
no-idea \
no-mdc2 \
no-rc5 \
no-srp \
$(CONFIGURE_ARGS) \
-DSSL_FORBID_ENULL \
-DHAVE_CRYPTODEV \
-DUSE_CRYPTODEV_DIGEST
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make
# Install everything.
cd $(DIR_APP) && make install
install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
# Remove man pages.
-rm -vfr /etc/ssl/man
# Move engines to the right place.
-mkdir -pv /usr/lib/openssl
rm -vfr /usr/lib/openssl/engines
mv -v /usr/lib/engines /usr/lib/openssl
@rm -rf $(DIR_APP)
@$(POSTBUILD)

95
lfs/openssl-compat Normal file
View File

@@ -0,0 +1,95 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 0.9.8y
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 47c7fb37f78c970f1d30aa2f9e9e26d8
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
# Support for engines is disabled, because the shared objects from the
# new version of openssl cannot be loaded by the old one.
cd $(DIR_APP) && ./Configure \
--prefix=/usr \
--openssldir=/etc/ssl \
shared linux-elf \
zlib-dynamic \
no-engines \
no-asm 386
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make
cd $(DIR_APP) && install -v -m 755 libcrypto.so.0.9.8 /usr/lib
cd $(DIR_APP) && install -v -m 755 libssl.so.0.9.8 /usr/lib
@rm -rf $(DIR_APP)
@$(POSTBUILD)

1
make.sh
View File

@@ -460,6 +460,7 @@ buildipfire() {
ipfiremake gdbm
ipfiremake pam
ipfiremake openssl
ipfiremake openssl-compat
ipfiremake curl
ipfiremake tcl
ipfiremake sqlite

52
src/patches/openssl-1.0.0-beta5-enginesdir.patch Normal file
View File

@@ -0,0 +1,52 @@
diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
--- openssl-1.0.0-beta5/Configure.enginesdir 2010-01-20 18:07:05.000000000 +0100
+++ openssl-1.0.0-beta5/Configure 2010-01-20 18:10:48.000000000 +0100
@@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
@@ -833,6 +834,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1673,7 +1678,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
- my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
--- openssl-1.0.0-beta5/engines/Makefile.enginesdir 2010-01-16 21:06:09.000000000 +0100
+++ openssl-1.0.0-beta5/engines/Makefile 2010-01-20 18:07:05.000000000 +0100
@@ -124,7 +124,7 @@ install:
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi

109
src/patches/openssl-1.0.1-beta2-build.patch Normal file
View File

@@ -0,0 +1,109 @@
diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
--- openssl-1.0.1-beta2/Configure.rpmbuild 2012-01-05 01:07:34.000000000 +0100
+++ openssl-1.0.1-beta2/Configure 2012-02-02 12:43:56.547409325 +0100
@@ -343,23 +343,23 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
# /proc/cpuinfo. The idea is to preserve most significant bits of
@@ -373,16 +373,16 @@ my %table=(
# ldconfig and run-time linker to autodiscover. Unfortunately it
# doesn't work just yet, because of couple of bugs in glibc
# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -396,8 +396,8 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
@@ -1678,7 +1678,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org
--- openssl-1.0.1-beta2/Makefile.org.rpmbuild 2011-12-27 16:17:50.000000000 +0100
+++ openssl-1.0.1-beta2/Makefile.org 2012-02-02 12:30:23.652495435 +0100
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
+SHLIB_SONAMEVER=10
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
@@ -333,10 +334,9 @@ clean-shared:
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \

712
src/patches/openssl-1.0.1e-cryptodev.patch Normal file
View File

@@ -0,0 +1,712 @@
Patch created by Michael Tremer <michael.tremer@ipfire.org> from
http://download.gna.org/cryptodev-linux/cryptodev-linux-1.6.tar.gz
diff -Nur openssl-1.0.1e-vanilla/crypto/cryptodev.h openssl-1.0.1e/crypto/cryptodev.h
--- openssl-1.0.1e-vanilla/crypto/cryptodev.h 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.1e/crypto/cryptodev.h 2013-12-25 14:27:20.907326820 +0000
@@ -0,0 +1,292 @@
+/* This is a source compatible implementation with the original API of
+ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
+ * Placed under public domain */
+
+#ifndef L_CRYPTODEV_H
+#define L_CRYPTODEV_H
+
+#include <linux/types.h>
+#ifndef __KERNEL__
+#define __user
+#endif
+
+/* API extensions for linux */
+#define CRYPTO_HMAC_MAX_KEY_LEN 512
+#define CRYPTO_CIPHER_MAX_KEY_LEN 64
+
+/* All the supported algorithms
+ */
+enum cryptodev_crypto_op_t {
+ CRYPTO_DES_CBC = 1,
+ CRYPTO_3DES_CBC = 2,
+ CRYPTO_BLF_CBC = 3,
+ CRYPTO_CAST_CBC = 4,
+ CRYPTO_SKIPJACK_CBC = 5,
+ CRYPTO_MD5_HMAC = 6,
+ CRYPTO_SHA1_HMAC = 7,
+ CRYPTO_RIPEMD160_HMAC = 8,
+ CRYPTO_MD5_KPDK = 9,
+ CRYPTO_SHA1_KPDK = 10,
+ CRYPTO_RIJNDAEL128_CBC = 11,
+ CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
+ CRYPTO_ARC4 = 12,
+ CRYPTO_MD5 = 13,
+ CRYPTO_SHA1 = 14,
+ CRYPTO_DEFLATE_COMP = 15,
+ CRYPTO_NULL = 16,
+ CRYPTO_LZS_COMP = 17,
+ CRYPTO_SHA2_256_HMAC = 18,
+ CRYPTO_SHA2_384_HMAC = 19,
+ CRYPTO_SHA2_512_HMAC = 20,
+ CRYPTO_AES_CTR = 21,
+ CRYPTO_AES_XTS = 22,
+ CRYPTO_AES_ECB = 23,
+ CRYPTO_AES_GCM = 50,
+
+ CRYPTO_CAMELLIA_CBC = 101,
+ CRYPTO_RIPEMD160,
+ CRYPTO_SHA2_224,
+ CRYPTO_SHA2_256,
+ CRYPTO_SHA2_384,
+ CRYPTO_SHA2_512,
+ CRYPTO_SHA2_224_HMAC,
+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+};
+
+#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1)
+
+/* Values for ciphers */
+#define DES_BLOCK_LEN 8
+#define DES3_BLOCK_LEN 8
+#define RIJNDAEL128_BLOCK_LEN 16
+#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
+#define CAMELLIA_BLOCK_LEN 16
+#define BLOWFISH_BLOCK_LEN 8
+#define SKIPJACK_BLOCK_LEN 8
+#define CAST128_BLOCK_LEN 8
+
+/* the maximum of the above */
+#define EALG_MAX_BLOCK_LEN 16
+
+/* Values for hashes/MAC */
+#define AALG_MAX_RESULT_LEN 64
+
+/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
+#define CRYPTODEV_MAX_ALG_NAME 64
+
+#define HASH_MAX_LEN 64
+
+/* input of CIOCGSESSION */
+struct session_op {
+ /* Specify either cipher or mac
+ */
+ __u32 cipher; /* cryptodev_crypto_op_t */
+ __u32 mac; /* cryptodev_crypto_op_t */
+
+ __u32 keylen;
+ __u8 __user *key;
+ __u32 mackeylen;
+ __u8 __user *mackey;
+
+ __u32 ses; /* session identifier */
+};
+
+struct session_info_op {
+ __u32 ses; /* session identifier */
+
+ /* verbose names for the requested ciphers */
+ struct alg_info {
+ char cra_name[CRYPTODEV_MAX_ALG_NAME];
+ char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
+ } cipher_info, hash_info;
+
+ __u16 alignmask; /* alignment constraints */
+ __u32 flags; /* SIOP_FLAGS_* */
+};
+
+/* If this flag is set then this algorithm uses
+ * a driver only available in kernel (software drivers,
+ * or drivers based on instruction sets do not set this flag).
+ *
+ * If multiple algorithms are involved (as in AEAD case), then
+ * if one of them is kernel-driver-only this flag will be set.
+ */
+#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
+
+#define COP_ENCRYPT 0
+#define COP_DECRYPT 1
+
+/* input of CIOCCRYPT */
+struct crypt_op {
+ __u32 ses; /* session identifier */
+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
+ __u16 flags; /* see COP_FLAG_* */
+ __u32 len; /* length of source data */
+ __u8 __user *src; /* source data */
+ __u8 __user *dst; /* pointer to output data */
+ /* pointer to output data for hash/MAC operations */
+ __u8 __user *mac;
+ /* initialization vector for encryption operations */
+ __u8 __user *iv;
+};
+
+/* input of CIOCAUTHCRYPT */
+struct crypt_auth_op {
+ __u32 ses; /* session identifier */
+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */
+ __u16 flags; /* see COP_FLAG_AEAD_* */
+ __u32 len; /* length of source data */
+ __u32 auth_len; /* length of auth data */
+ __u8 __user *auth_src; /* authenticated-only data */
+
+ /* The current implementation is more efficient if data are
+ * encrypted in-place (src==dst). */
+ __u8 __user *src; /* data to be encrypted and authenticated */
+ __u8 __user *dst; /* pointer to output data. Must have
+ * space for tag. For TLS this should be at least
+ * len + tag_size + block_size for padding */
+
+ __u8 __user *tag; /* where the tag will be copied to. TLS mode
+ * doesn't use that as tag is copied to dst.
+ * SRTP mode copies tag there. */
+ __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */
+
+ /* initialization vector for encryption operations */
+ __u8 __user *iv;
+ __u32 iv_len;
+};
+
+/* In plain AEAD mode the following are required:
+ * flags : 0
+ * iv : the initialization vector (12 bytes)
+ * auth_len: the length of the data to be authenticated
+ * auth_src: the data to be authenticated
+ * len : length of data to be encrypted
+ * src : the data to be encrypted
+ * dst : space to hold encrypted data. It must have
+ * at least a size of len + tag_size.
+ * tag_size: the size of the desired authentication tag or zero to use
+ * the maximum tag output.
+ *
+ * Note tag isn't being used because the Linux AEAD interface
+ * copies the tag just after data.
+ */
+
+/* In TLS mode (used for CBC ciphers that required padding)
+ * the following are required:
+ * flags : COP_FLAG_AEAD_TLS_TYPE
+ * iv : the initialization vector
+ * auth_len: the length of the data to be authenticated only
+ * len : length of data to be encrypted
+ * auth_src: the data to be authenticated
+ * src : the data to be encrypted
+ * dst : space to hold encrypted data (preferably in-place). It must have
+ * at least a size of len + tag_size + blocksize.
+ * tag_size: the size of the desired authentication tag or zero to use
+ * the default mac output.
+ *
+ * Note that the padding used is the minimum padding.
+ */
+
+/* In SRTP mode the following are required:
+ * flags : COP_FLAG_AEAD_SRTP_TYPE
+ * iv : the initialization vector
+ * auth_len: the length of the data to be authenticated. This must
+ * include the SRTP header + SRTP payload (data to be encrypted) + rest
+ *
+ * len : length of data to be encrypted
+ * auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
+ * src : pointer to the data to be encrypted.
+ * dst : This is mandatory to be the same as src (in-place only).
+ * tag_size: the size of the desired authentication tag or zero to use
+ * the default mac output.
+ * tag : Pointer to an address where the authentication tag will be copied.
+ */
+
+
+/* struct crypt_op flags */
+
+#define COP_FLAG_NONE (0 << 0) /* totally no flag */
+#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */
+#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */
+#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */
+#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */
+#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the
+ * TLS protocol rules */
+#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the
+ * SRTP protocol rules */
+#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state.
+ * should be used in combination
+ * with COP_FLAG_UPDATE */
+
+
+/* Stuff for bignum arithmetic and public key
+ * cryptography - not supported yet by linux
+ * cryptodev.
+ */
+
+#define CRYPTO_ALG_FLAG_SUPPORTED 1
+#define CRYPTO_ALG_FLAG_RNG_ENABLE 2
+#define CRYPTO_ALG_FLAG_DSA_SHA 4
+
+struct crparam {
+ __u8 *crp_p;
+ __u32 crp_nbits;
+};
+
+#define CRK_MAXPARAM 8
+
+/* input of CIOCKEY */
+struct crypt_kop {
+ __u32 crk_op; /* cryptodev_crk_ot_t */
+ __u32 crk_status;
+ __u16 crk_iparams;
+ __u16 crk_oparams;
+ __u32 crk_pad1;
+ struct crparam crk_param[CRK_MAXPARAM];
+};
+
+enum cryptodev_crk_op_t {
+ CRK_MOD_EXP = 0,
+ CRK_MOD_EXP_CRT = 1,
+ CRK_DSA_SIGN = 2,
+ CRK_DSA_VERIFY = 3,
+ CRK_DH_COMPUTE_KEY = 4,
+ CRK_ALGORITHM_ALL
+};
+
+#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1)
+
+/* features to be queried with CIOCASYMFEAT ioctl
+ */
+#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
+#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
+#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
+#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
+#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
+
+
+/* ioctl's. Compatible with old linux cryptodev.h
+ */
+#define CRIOGET _IOWR('c', 101, __u32)
+#define CIOCGSESSION _IOWR('c', 102, struct session_op)
+#define CIOCFSESSION _IOW('c', 103, __u32)
+#define CIOCCRYPT _IOWR('c', 104, struct crypt_op)
+#define CIOCKEY _IOWR('c', 105, struct crypt_kop)
+#define CIOCASYMFEAT _IOR('c', 106, __u32)
+#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op)
+
+/* to indicate that CRIOGET is not required in linux
+ */
+#define CRIOGET_NOT_NEEDED 1
+
+/* additional ioctls for AEAD */
+#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op)
+
+/* additional ioctls for asynchronous operation.
+ * These are conditionally enabled since version 1.6.
+ */
+#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
+#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
+
+#endif /* L_CRYPTODEV_H */
diff -Nur openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c openssl-1.0.1e/crypto/engine/eng_cryptodev.c
--- openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c 2013-02-11 15:26:04.000000000 +0000
+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-12-25 14:27:06.968877039 +0000
@@ -2,6 +2,7 @@
* Copyright (c) 2002 Bob Beck <beck@openbsd.org>
* Copyright (c) 2002 Theo de Raadt
* Copyright (c) 2002 Markus Friedl
+ * Copyright (c) 2012 Nikos Mavrogiannopoulos
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -74,8 +75,6 @@
int d_fd;
#ifdef USE_CRYPTODEV_DIGESTS
- char dummy_mac_key[HASH_MAX_LEN];
-
unsigned char digest_res[HASH_MAX_LEN];
char *mac_data;
int mac_len;
@@ -157,15 +156,21 @@
static struct {
int id;
int nid;
- int keylen;
+ int digestlen;
} digests[] = {
+#if 0
+ /* HMAC is not supported */
{ CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
{ CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
- { CRYPTO_MD5_KPDK, NID_undef, 0},
- { CRYPTO_SHA1_KPDK, NID_undef, 0},
+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32},
+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48},
+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64},
+#endif
{ CRYPTO_MD5, NID_md5, 16},
{ CRYPTO_SHA1, NID_sha1, 20},
+ { CRYPTO_SHA2_256, NID_sha256, 32},
+ { CRYPTO_SHA2_384, NID_sha384, 48},
+ { CRYPTO_SHA2_512, NID_sha512, 64},
{ 0, NID_undef, 0},
};
#endif
@@ -243,13 +248,14 @@
static int nids[CRYPTO_ALGORITHM_MAX];
struct session_op sess;
int fd, i, count = 0;
+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
if ((fd = get_dev_crypto()) < 0) {
*cnids = NULL;
return (0);
}
memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t)"123456789abcdefghijklmno";
+ sess.key = (void*)fake_key;
for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
if (ciphers[i].nid == NID_undef)
@@ -281,6 +287,7 @@
get_cryptodev_digests(const int **cnids)
{
static int nids[CRYPTO_ALGORITHM_MAX];
+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
struct session_op sess;
int fd, i, count = 0;
@@ -289,12 +296,12 @@
return (0);
}
memset(&sess, 0, sizeof(sess));
- sess.mackey = (caddr_t)"123456789abcdefghijklmno";
+ sess.mackey = fake_key;
for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
if (digests[i].nid == NID_undef)
continue;
sess.mac = digests[i].id;
- sess.mackeylen = digests[i].keylen;
+ sess.mackeylen = 8;
sess.cipher = 0;
if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
@@ -382,14 +389,14 @@
cryp.ses = sess->ses;
cryp.flags = 0;
cryp.len = inl;
- cryp.src = (caddr_t) in;
- cryp.dst = (caddr_t) out;
+ cryp.src = (void*) in;
+ cryp.dst = (void*) out;
cryp.mac = 0;
cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
if (ctx->cipher->iv_len) {
- cryp.iv = (caddr_t) ctx->iv;
+ cryp.iv = (void*) ctx->iv;
if (!ctx->encrypt) {
iiv = in + inl - ctx->cipher->iv_len;
memcpy(save_iv, iiv, ctx->cipher->iv_len);
@@ -440,7 +447,7 @@
if ((state->d_fd = get_dev_crypto()) < 0)
return (0);
- sess->key = (caddr_t)key;
+ sess->key = (void*)key;
sess->keylen = ctx->key_len;
sess->cipher = cipher;
@@ -660,18 +667,6 @@
}
-static int
-digest_key_length(int nid)
-{
- int i;
-
- for (i = 0; digests[i].id; i++)
- if (digests[i].nid == nid)
- return digests[i].keylen;
- return (0);
-}
-
-
static int cryptodev_digest_init(EVP_MD_CTX *ctx)
{
struct dev_crypto_state *state = ctx->md_data;
@@ -682,7 +677,6 @@
printf("cryptodev_digest_init: Can't get digest \n");
return (0);
}
-
memset(state, 0, sizeof(struct dev_crypto_state));
if ((state->d_fd = get_dev_crypto()) < 0) {
@@ -690,8 +684,8 @@
return (0);
}
- sess->mackey = state->dummy_mac_key;
- sess->mackeylen = digest_key_length(ctx->digest->type);
+ sess->mackey = NULL;
+ sess->mackeylen = 0;
sess->mac = digest;
if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
@@ -707,8 +701,8 @@
static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
- struct crypt_op cryp;
struct dev_crypto_state *state = ctx->md_data;
+ struct crypt_op cryp;
struct session_op *sess = &state->d_sess;
if (!data || state->d_fd < 0) {
@@ -717,7 +711,7 @@
}
if (!count) {
- return (0);
+ return (1);
}
if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
@@ -740,9 +734,9 @@
cryp.ses = sess->ses;
cryp.flags = 0;
cryp.len = count;
- cryp.src = (caddr_t) data;
+ cryp.src = (void*) data;
cryp.dst = NULL;
- cryp.mac = (caddr_t) state->digest_res;
+ cryp.mac = (void*) state->digest_res;
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_update: digest failed\n");
return (0);
@@ -757,8 +751,6 @@
struct dev_crypto_state *state = ctx->md_data;
struct session_op *sess = &state->d_sess;
- int ret = 1;
-
if (!md || state->d_fd < 0) {
printf("cryptodev_digest_final: illegal input\n");
return(0);
@@ -772,7 +764,7 @@
cryp.len = state->mac_len;
cryp.src = state->mac_data;
cryp.dst = NULL;
- cryp.mac = (caddr_t)md;
+ cryp.mac = (void*)md;
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_final: digest failed\n");
return (0);
@@ -783,7 +775,7 @@
memcpy(md, state->digest_res, ctx->digest->md_size);
- return (ret);
+ return 1;
}
@@ -835,8 +827,8 @@
digest = digest_nid_to_cryptodev(to->digest->type);
- sess->mackey = dstate->dummy_mac_key;
- sess->mackeylen = digest_key_length(to->digest->type);
+ sess->mackey = NULL;
+ sess->mackeylen = 0;
sess->mac = digest;
dstate->d_fd = get_dev_crypto();
@@ -861,34 +853,117 @@
}
-const EVP_MD cryptodev_sha1 = {
+static const EVP_MD cryptodev_sha1 = {
NID_sha1,
- NID_undef,
+ NID_sha1WithRSAEncryption,
SHA_DIGEST_LENGTH,
+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
+ EVP_MD_FLAG_DIGALGID_ABSENT|
+#endif
EVP_MD_FLAG_ONESHOT,
cryptodev_digest_init,
cryptodev_digest_update,
cryptodev_digest_final,
cryptodev_digest_copy,
cryptodev_digest_cleanup,
- EVP_PKEY_NULL_method,
+ EVP_PKEY_RSA_method,
SHA_CBLOCK,
- sizeof(struct dev_crypto_state),
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
+};
+
+static const EVP_MD cryptodev_sha256 = {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
+ EVP_MD_FLAG_DIGALGID_ABSENT|
+#endif
+ EVP_MD_FLAG_ONESHOT,
+ cryptodev_digest_init,
+ cryptodev_digest_update,
+ cryptodev_digest_final,
+ cryptodev_digest_copy,
+ cryptodev_digest_cleanup,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
+};
+static const EVP_MD cryptodev_sha224 = {
+ NID_sha224,
+ NID_sha224WithRSAEncryption,
+ SHA224_DIGEST_LENGTH,
+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
+ EVP_MD_FLAG_DIGALGID_ABSENT|
+#endif
+ EVP_MD_FLAG_ONESHOT,
+ cryptodev_digest_init,
+ cryptodev_digest_update,
+ cryptodev_digest_final,
+ cryptodev_digest_copy,
+ cryptodev_digest_cleanup,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
+};
+
+static const EVP_MD cryptodev_sha384 = {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
+ EVP_MD_FLAG_DIGALGID_ABSENT|
+#endif
+ EVP_MD_FLAG_ONESHOT,
+ cryptodev_digest_init,
+ cryptodev_digest_update,
+ cryptodev_digest_final,
+ cryptodev_digest_copy,
+ cryptodev_digest_cleanup,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
+};
+
+static const EVP_MD cryptodev_sha512 = {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
+ EVP_MD_FLAG_DIGALGID_ABSENT|
+#endif
+ EVP_MD_FLAG_ONESHOT,
+ cryptodev_digest_init,
+ cryptodev_digest_update,
+ cryptodev_digest_final,
+ cryptodev_digest_copy,
+ cryptodev_digest_cleanup,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
};
-const EVP_MD cryptodev_md5 = {
+static const EVP_MD cryptodev_md5 = {
NID_md5,
- NID_undef,
+ NID_md5WithRSAEncryption,
16 /* MD5_DIGEST_LENGTH */,
+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
+ EVP_MD_FLAG_DIGALGID_ABSENT|
+#endif
EVP_MD_FLAG_ONESHOT,
cryptodev_digest_init,
cryptodev_digest_update,
cryptodev_digest_final,
cryptodev_digest_copy,
cryptodev_digest_cleanup,
- EVP_PKEY_NULL_method,
+ EVP_PKEY_RSA_method,
64 /* MD5_CBLOCK */,
- sizeof(struct dev_crypto_state),
+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
};
#endif /* USE_CRYPTODEV_DIGESTS */
@@ -909,6 +984,18 @@
case NID_sha1:
*digest = &cryptodev_sha1;
break;
+ case NID_sha224:
+ *digest = &cryptodev_sha224;
+ break;
+ case NID_sha256:
+ *digest = &cryptodev_sha256;
+ break;
+ case NID_sha384:
+ *digest = &cryptodev_sha384;
+ break;
+ case NID_sha512:
+ *digest = &cryptodev_sha512;
+ break;
default:
#endif /* USE_CRYPTODEV_DIGESTS */
*digest = NULL;
@@ -940,7 +1027,7 @@
return (1);
memset(b, 0, bytes);
- crp->crp_p = (caddr_t) b;
+ crp->crp_p = (void*) b;
crp->crp_nbits = bits;
for (i = 0, j = 0; i < a->top; i++) {
@@ -1193,7 +1280,7 @@
kop.crk_op = CRK_DSA_SIGN;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
- kop.crk_param[0].crp_p = (caddr_t)dgst;
+ kop.crk_param[0].crp_p = (void*)dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
@@ -1233,7 +1320,7 @@
kop.crk_op = CRK_DSA_VERIFY;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
- kop.crk_param[0].crp_p = (caddr_t)dgst;
+ kop.crk_param[0].crp_p = (void*)dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
@@ -1311,9 +1398,10 @@
goto err;
kop.crk_iparams = 3;
- kop.crk_param[3].crp_p = (caddr_t) key;
- kop.crk_param[3].crp_nbits = keylen * 8;
+ kop.crk_param[3].crp_p = (void*) key;
+ kop.crk_param[3].crp_nbits = keylen;
kop.crk_oparams = 1;
+ dhret = keylen/8;
if (ioctl(fd, CIOCKEY, &kop) == -1) {
const DH_METHOD *meth = DH_OpenSSL();
@@ -1385,7 +1473,7 @@
put_dev_crypto(fd);
if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_name(engine, "cryptodev engine") ||
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||

340
src/patches/openssl-1.0.1e-fix_parallel_build-1.patch Normal file
View File

@@ -0,0 +1,340 @@
Submitted By: Armin K. <krejzi at email dot com>
Date: 2013-05-05
Initial Package Version: 1.0.1e
Upstream Status: Unknown
Origin: https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl
Description: Fixes build with make -jx, where x is greater than 1.
--- a/crypto/Makefile 2013-02-11 16:26:04.000000000 +0100
+++ b/crypto/Makefile 2013-05-05 20:06:34.872208113 +0200
@@ -86,11 +86,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -101,7 +101,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -112,7 +112,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -121,7 +121,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- a/engines/Makefile 2013-02-11 16:26:04.000000000 +0100
+++ b/engines/Makefile 2013-05-05 20:06:34.872208113 +0200
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- a/Makefile.org 2013-02-11 16:26:04.000000000 +0100
+++ b/Makefile.org 2013-05-05 20:06:34.862207917 +0200
@@ -273,17 +273,17 @@
build_libs: build_crypto build_ssl build_engines
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@@ -537,9 +537,9 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: install_docs install_sw
-install_sw:
+install_dirs:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
@@ -548,12 +548,19 @@
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+
+install_sw: install_dirs
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
@@ -633,12 +640,7 @@
done; \
done
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
+install_docs: install_dirs
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
--- a/Makefile.shared 2013-02-11 16:26:04.000000000 +0100
+++ b/Makefile.shared 2013-05-05 20:06:34.872208113 +0200
@@ -105,6 +105,7 @@
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +123,7 @@
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- a/test/Makefile 2013-02-11 16:26:04.000000000 +0100
+++ b/test/Makefile 2013-05-05 20:06:34.872208113 +0200
@@ -124,7 +124,7 @@
tags:
ctags $(SRC)
-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -365,109 +365,109 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
+ +@target=$(RSATEST); $(BUILD_CMD)
$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
+ +@target=$(BNTEST); $(BUILD_CMD)
$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
+ +@target=$(ECTEST); $(BUILD_CMD)
$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
+ +@target=$(EXPTEST); $(BUILD_CMD)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
+ +@target=$(IDEATEST); $(BUILD_CMD)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
+ +@target=$(MD2TEST); $(BUILD_CMD)
$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
+ +@target=$(SHATEST); $(BUILD_CMD)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
+ +@target=$(SHA1TEST); $(BUILD_CMD)
$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
+ +@target=$(SHA256TEST); $(BUILD_CMD)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
+ +@target=$(SHA512TEST); $(BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
+ +@target=$(RMDTEST); $(BUILD_CMD)
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
+ +@target=$(MDC2TEST); $(BUILD_CMD)
$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
+ +@target=$(MD4TEST); $(BUILD_CMD)
$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
+ +@target=$(MD5TEST); $(BUILD_CMD)
$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
+ +@target=$(HMACTEST); $(BUILD_CMD)
$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
- @target=$(WPTEST); $(BUILD_CMD)
+ +@target=$(WPTEST); $(BUILD_CMD)
$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
+ +@target=$(RC2TEST); $(BUILD_CMD)
$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
+ +@target=$(BFTEST); $(BUILD_CMD)
$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
+ +@target=$(CASTTEST); $(BUILD_CMD)
$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
+ +@target=$(RC4TEST); $(BUILD_CMD)
$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
+ +@target=$(RC5TEST); $(BUILD_CMD)
$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
+ +@target=$(DESTEST); $(BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
+ +@target=$(RANDTEST); $(BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
+ +@target=$(DHTEST); $(BUILD_CMD)
$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
+ +@target=$(DSATEST); $(BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
+ +@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
+ +@target=$(ENGINETEST); $(BUILD_CMD)
$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
+ +@target=$(EVPTEST); $(BUILD_CMD)
$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
+ +@target=$(ECDSATEST); $(BUILD_CMD)
$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
+ +@target=$(ECDHTEST); $(BUILD_CMD)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
+ +@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
- @target=$(JPAKETEST); $(BUILD_CMD)
+ +@target=$(JPAKETEST); $(BUILD_CMD)
$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
- @target=$(ASN1TEST); $(BUILD_CMD)
+ +@target=$(ASN1TEST); $(BUILD_CMD)
$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
+ +@target=$(SRPTEST); $(BUILD_CMD)
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -480,7 +480,7 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest; $(BUILD_CMD)
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.

393
src/patches/openssl-1.0.1e-fix_pod_syntax-1.patch Normal file
View File

@@ -0,0 +1,393 @@
Submitted By: Martin Ward <macros_the_black at ntlworld dot com>
Date: 2013-06-18
Initial Package Version: 1.0.1e
Upstream Status: Unknown
Origin: self, based on fedora
Description: Fixes install with perl-5.18.
diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod
--- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-06-06 14:35:15.867871879 +0100
+++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-06 14:35:25.791747119 +0100
@@ -450,28 +450,28 @@
=over 4
-=item 0
+=item C<0>
the operation was completely successfully.
-=item 1
+=item C<1>
an error occurred parsing the command options.
-=item 2
+=item C<2>
one of the input files could not be read.
-=item 3
+=item C<3>
an error occurred creating the CMS file or when reading the MIME
message.
-=item 4
+=item C<4>
an error occurred decrypting or verifying the message.
-=item 5
+=item C<5>
the message was verified correctly but an error occurred writing out
the signers certificates.
diff -Naur openssl-1.0.1e.orig/doc/apps/smime.pod openssl-1.0.1e/doc/apps/smime.pod
--- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-06-06 14:35:15.867871879 +0100
+++ openssl-1.0.1e/doc/apps/smime.pod 2013-06-06 14:35:25.794747082 +0100
@@ -308,28 +308,28 @@
=over 4
-=item 0
+=item C<0>
the operation was completely successfully.
-=item 1
+=item C<1>
an error occurred parsing the command options.
-=item 2
+=item C<2>
one of the input files could not be read.
-=item 3
+=item C<3>
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item C<4>
an error occurred decrypting or verifying the message.
-=item 5
+=item C<5>
the message was verified correctly but an error occurred writing out
the signers certificates.
diff -Naur openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
--- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:35:15.874871791 +0100
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:37:13.826388940 +0100
@@ -278,6 +278,8 @@
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod openssl-1.0.1e/doc/ssl/SSL_accept.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-06-06 14:35:25.796747057 +0100
@@ -44,12 +44,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod openssl-1.0.1e/doc/ssl/SSL_clear.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-06-06 14:35:25.803746969 +0100
@@ -56,12 +56,12 @@
=over 4
-=item 0
+=item C<0>
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item C<1>
The SSL_clear() operation was successful.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:25.806746931 +0100
@@ -53,11 +53,11 @@
=over 4
-=item 0
+=item C<0>
The operation succeeded.
-=item 1
+=item C<1>
The operation failed. Check the error queue to find out the reason.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod openssl-1.0.1e/doc/ssl/SSL_connect.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-06-06 14:35:15.869871854 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-06-06 14:35:25.808746906 +0100
@@ -41,12 +41,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:25.816746805 +0100
@@ -52,13 +52,13 @@
=over 4
-=item 0
+=item C<0>
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:25.818746780 +0100
@@ -100,13 +100,13 @@
=over 4
-=item 0
+=item C<0>
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:25.821746742 +0100
@@ -66,11 +66,11 @@
=over 4
-=item 1
+=item C<1>
The operation succeeded.
-=item 0
+=item C<0>
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:25.828746654 +0100
@@ -64,13 +64,13 @@
=over 4
-=item 0
+=item C<0>
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:25.831746617 +0100
@@ -42,11 +42,11 @@
=over 4
-=item 0
+=item C<0>
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:36:42.456783309 +0100
@@ -81,6 +81,8 @@
Return values from the server callback are interpreted as follows:
+=over
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -94,9 +96,11 @@
connection will fail with decryption_error before it will be finished
completely.
-=item 0
+=item C<0>
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:15.869871854 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:25.839746516 +0100
@@ -45,12 +45,12 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_read.pod openssl-1.0.1e/doc/ssl/SSL_read.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-06-06 14:35:25.847746415 +0100
@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item C<0>
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:15.871871829 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:25.849746390 +0100
@@ -27,11 +27,11 @@
=over 4
-=item 0
+=item C<0>
A new session was negotiated.
-=item 1
+=item C<1>
A session was reused.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:15.869871854 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:25.852746353 +0100
@@ -35,11 +35,11 @@
=over 4
-=item 0
+=item C<0>
The operation failed. Check the error stack to find out why.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod openssl-1.0.1e/doc/ssl/SSL_set_session.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:25.855746315 +0100
@@ -37,11 +37,11 @@
=over 4
-=item 0
+=item C<0>
The operation failed; check the error stack to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:25.857746290 +0100
@@ -92,12 +92,12 @@
=over 4
-=item 1
+=item C<1>
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item 0
+=item C<0>
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_write.pod openssl-1.0.1e/doc/ssl/SSL_write.pod
--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-06-06 14:35:15.870871842 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-06-06 14:35:25.865746189 +0100
@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item C<0>
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,