This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 506e4b967127485c89272751b7d870a9bd4c7b47 (commit) via 498b3cd3a85f0f3aba3297cbf786a12fb26bf1f6 (commit) via a0297133a1f2a6f98efbe2eec353015e2316f45d (commit) via 03d4ff6007bd06868a7ea6ae4a113a043aa1087b (commit) from 9ffd1b35db13760ceab2b396230fbc40fa03caec (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 506e4b967127485c89272751b7d870a9bd4c7b47 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 19 16:04:35 2015 +0100
openssl: Rebase "disable SSLv2, SSLv3" patch
commit 498b3cd3a85f0f3aba3297cbf786a12fb26bf1f6 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 19 16:03:58 2015 +0100
openssl: Remove "fix parallel build" patch
commit a0297133a1f2a6f98efbe2eec353015e2316f45d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 19 15:54:43 2015 +0100
openssl: Update weak-ciphers and build patches
commit 03d4ff6007bd06868a7ea6ae4a113a043aa1087b Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 19 15:47:13 2015 +0100
openssl: Remove support for cryptodev
The patches won't apply any more and there does not seem to be support from upstream for the latest versions of OpenSSL
-----------------------------------------------------------------------
Summary of changes: lfs/openssl | 14 +- lfs/openssl-compat | 9 +- src/patches/openssl-0.9.8u-cryptodev.patch | 882 --------------------- src/patches/openssl-1.0.1-beta2-build.patch | 109 --- src/patches/openssl-1.0.1e-cryptodev.patch | 712 ----------------- .../openssl-1.0.1e-fix_parallel_build-1.patch | 340 -------- src/patches/openssl-1.0.1e-rpmbuild.patch | 44 + src/patches/openssl-1.0.1e-weak-ciphers.patch | 12 - src/patches/openssl-1.0.1m-weak-ciphers.patch | 11 + src/patches/openssl-disable-sslv2-sslv3.patch | 25 +- 10 files changed, 79 insertions(+), 2079 deletions(-) delete mode 100644 src/patches/openssl-0.9.8u-cryptodev.patch delete mode 100644 src/patches/openssl-1.0.1-beta2-build.patch delete mode 100644 src/patches/openssl-1.0.1e-cryptodev.patch delete mode 100644 src/patches/openssl-1.0.1e-fix_parallel_build-1.patch create mode 100644 src/patches/openssl-1.0.1e-rpmbuild.patch delete mode 100644 src/patches/openssl-1.0.1e-weak-ciphers.patch create mode 100644 src/patches/openssl-1.0.1m-weak-ciphers.patch
Difference in files:
diff --git a/lfs/openssl b/lfs/openssl
index efc7236..588cf04 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -82,12 +82,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Apply our CFLAGS
+ cd $(DIR_APP) && sed -i Configure \
+ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
+
 cd $(DIR_APP) && find crypto/ -name Makefile -exec \
 sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} ;
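Review bot: The added `sed` under `# Apply our CFLAGS` splices `$(CFLAGS)` into an expression delimited by `/`, so any flag that contains a `/` (an include path, a prefix map) ends the replacement early and the step fails or writes a truncated flag set; a delimiter that cannot occur in the flags is safer, e.g. `-e "s|-O3 -fomit-frame-pointer|$(CFLAGS)|g"`. The step also succeeds silently when Configure no longer contains `-O3 -fomit-frame-pointer` for the selected target, and then any hardening options carried in CFLAGS never reach the OpenSSL build. The deleted openssl-1.0.1-beta2-build.patch replaced exactly that string in the linux targets, so if the new openssl-1.0.1e-rpmbuild.patch (not shown on this page) does the same, the sed has nothing left to match. A check right after it, such as `cd $(DIR_APP) && grep -qF -- "$(CFLAGS)" Configure`, would turn that case into a build failure. The same three lines are added in lfs/openssl-compat and the point applies there as well.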
@@ -107,9 +109,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 no-rc5 \
 no-srp \
 $(CONFIGURE_ARGS) \
- -DSSL_FORBID_ENULL \
- -DHAVE_CRYPTODEV \
- -DUSE_CRYPTODEV_DIGEST
+ -DSSL_FORBID_ENULL
cd $(DIR_APP) && make depend
 cd $(DIR_APP) && make
diff --git a/lfs/openssl-compat b/lfs/openssl-compat
index 8206d33..ad5d664 100644
--- a/lfs/openssl-compat
+++ b/lfs/openssl-compat
@@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Apply our CFLAGS
+ cd $(DIR_APP) && sed -i Configure \
+ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
+
 cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
 cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
@@ -87,9 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 zlib-dynamic \
 no-engines \
 no-asm 386 \
- -DSSL_FORBID_ENULL \
- -DHAVE_CRYPTODEV \
- -DUSE_CRYPTODEV_DIGEST
+ -DSSL_FORBID_ENULL
cd $(DIR_APP) && make depend
 cd $(DIR_APP) && make
diff --git a/src/patches/openssl-0.9.8u-cryptodev.patch b/src/patches/openssl-0.9.8u-cryptodev.patch
deleted file mode 100644
index 920648d..0000000
--- a/src/patches/openssl-0.9.8u-cryptodev.patch
+++ /dev/null
@@ -1,882 +0,0 @@ -diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c ---- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100 -+++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200 -@@ -113,7 +113,6 @@ - #endif - } - --#if defined(__OpenBSD__) || defined(__FreeBSD__) - void ENGINE_setup_bsd_cryptodev(void) { - static int bsd_cryptodev_default_loaded = 0; - if (!bsd_cryptodev_default_loaded) { -@@ -122,4 +121,3 @@ - } - bsd_cryptodev_default_loaded=1; - } --#endif -diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c ---- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100 -+++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200 -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck beck@openbsd.org - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. 
- * - * Redistribution and use in source and binary forms, with or without -@@ -30,10 +31,6 @@ - #include <openssl/engine.h> - #include <openssl/evp.h> - #include <openssl/bn.h> --#include <openssl/dsa.h> --#include <openssl/rsa.h> --#include <openssl/dh.h> --#include <openssl/err.h> - - #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD__)) -@@ -59,6 +56,10 @@ - - #include <sys/types.h> - #include <crypto/cryptodev.h> -+#include <crypto/dh/dh.h> -+#include <crypto/dsa/dsa.h> -+#include <crypto/err/err.h> -+#include <crypto/rsa/rsa.h> - #include <sys/ioctl.h> - #include <errno.h> - #include <stdio.h> -@@ -72,6 +73,12 @@ - struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -+ -+#ifdef USE_CRYPTODEV_DIGESTS -+ unsigned char digest_res[HASH_MAX_LEN]; -+ char *mac_data; -+ int mac_len; -+#endif - }; - - static u_int32_t cryptodev_asymfeat = 0; -@@ -79,15 +86,14 @@ - static int get_asym_dev_crypto(void); - static int open_dev_crypto(void); - static int get_dev_crypto(void); --static int cryptodev_max_iv(int cipher); --static int cryptodev_key_length_valid(int cipher, int len); --static int cipher_nid_to_cryptodev(int nid); - static int get_cryptodev_ciphers(const int **cnids); --/*static int get_cryptodev_digests(const int **cnids);*/ -+#ifdef USE_CRYPTODEV_DIGESTS -+static int get_cryptodev_digests(const int **cnids); -+#endif - static int cryptodev_usable_ciphers(const int **nids); - static int cryptodev_usable_digests(const int **nids); - static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl); -+ const unsigned char *in, size_t inl); - static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); -@@ -121,7 +127,7 @@ - static int cryptodev_dh_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); - static int 
cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, -- void (*f)()); -+ void (*f)(void)); - void ENGINE_load_cryptodev(void); - - static const ENGINE_CMD_DEFN cryptodev_defns[] = { -@@ -134,27 +140,38 @@ - int ivmax; - int keylen; - } ciphers[] = { -+ { CRYPTO_ARC4, NID_rc4, 0, 16, }, - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, -+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { 0, NID_undef, 0, 0, }, - }; - --#if 0 -+#ifdef USE_CRYPTODEV_DIGESTS - static struct { - int id; - int nid; -+ int digestlen; - } digests[] = { -- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, -- { CRYPTO_MD5_KPDK, NID_undef, }, -- { CRYPTO_SHA1_KPDK, NID_undef, }, -- { CRYPTO_MD5, NID_md5, }, -- { CRYPTO_SHA1, NID_undef, }, -- { 0, NID_undef, }, -+#if 0 -+ /* HMAC is not supported */ -+ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, -+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, -+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, -+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, -+#endif -+ { CRYPTO_MD5, NID_md5, 16}, -+ { CRYPTO_SHA1, NID_sha1, 20}, -+ { CRYPTO_SHA2_256, NID_sha256, 32}, -+ { CRYPTO_SHA2_384, NID_sha384, 48}, -+ { CRYPTO_SHA2_512, NID_sha512, 64}, -+ { 0, NID_undef, 0}, - }; - #endif - -@@ -186,6 +203,7 @@ - - if ((fd = open_dev_crypto()) == -1) - return (-1); -+#ifndef CRIOGET_NOT_NEEDED - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); - -@@ -194,9 +212,19 @@ - close(retfd); - return (-1); - } -+#else -+ retfd = fd; -+#endif - return (retfd); - } - -+static void put_dev_crypto(int fd) -+{ -+#ifndef CRIOGET_NOT_NEEDED -+ close(fd); -+#endif -+} -+ - /* Caching version for asym operations */ - static int - 
get_asym_dev_crypto(void) -@@ -209,50 +237,6 @@ - } - - /* -- * XXXX this needs to be set for each alg - and determined from -- * a running card. -- */ --static int --cryptodev_max_iv(int cipher) --{ -- int i; -- -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].ivmax); -- return (0); --} -- --/* -- * XXXX this needs to be set for each alg - and determined from -- * a running card. For now, fake it out - but most of these -- * for real devices should return 1 for the supported key -- * sizes the device can handle. -- */ --static int --cryptodev_key_length_valid(int cipher, int len) --{ -- int i; -- -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].keylen == len); -- return (0); --} -- --/* convert libcrypto nids to cryptodev */ --static int --cipher_nid_to_cryptodev(int nid) --{ -- int i; -- -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].nid == nid) -- return (ciphers[i].id); -- return (0); --} -- --/* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! 
- * returning them here is harmless, as long as we return NULL -@@ -264,13 +248,14 @@ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456781234567812345678"; -+ sess.key = (void*)fake_key; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -282,7 +267,7 @@ - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; - } -- close(fd); -+ put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; -@@ -291,7 +276,7 @@ - return (count); - } - --#if 0 /* unused */ -+#ifdef USE_CRYPTODEV_DIGESTS - /* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! -@@ -302,6 +287,7 @@ - get_cryptodev_digests(const int **cnids) - { - static int nids[CRYPTO_ALGORITHM_MAX]; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - struct session_op sess; - int fd, i, count = 0; - -@@ -310,16 +296,18 @@ - return (0); - } - memset(&sess, 0, sizeof(sess)); -+ sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -+ sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = digests[i].nid; - } -- close(fd); -+ put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; -@@ -327,8 +315,7 @@ - *cnids = NULL; - return (count); - } -- --#endif -+#endif /* 0 */ - - /* - * Find the useable ciphers|digests from dev/crypto - this is the first -@@ -360,6 +347,9 @@ - static int - cryptodev_usable_digests(const int **nids) - { -+#ifdef USE_CRYPTODEV_DIGESTS -+ return (get_cryptodev_digests(nids)); -+#else - /* - * XXXX just disable 
all digests for now, because it sucks. - * we need a better way to decide this - i.e. I may not -@@ -374,11 +364,12 @@ - */ - *nids = NULL; - return (0); -+#endif - } - - static int - cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, size_t inl) - { - struct crypt_op cryp; - struct dev_crypto_state *state = ctx->cipher_data; -@@ -398,14 +389,14 @@ - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void*) in; -+ cryp.dst = (void*) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -436,28 +427,32 @@ - { - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; -- int cipher; -+ int cipher = -1, i; - -- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) -- return (0); -- -- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) -- return (0); -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } - -- if (!cryptodev_key_length_valid(cipher, ctx->key_len)) -+ if (!ciphers[i].id) { -+ state->d_fd = -1; - return (0); -+ } - - memset(sess, 0, sizeof(struct session_op)); - - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (char *)key; -+ sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -- close(state->d_fd); -+ put_dev_crypto(state->d_fd); - state->d_fd = -1; - return (0); - } -@@ -494,7 +489,7 @@ - } else { - ret = 1; - } -- close(state->d_fd); -+ 
put_dev_crypto(state->d_fd); - state->d_fd = -1; - - return (ret); -@@ -505,6 +500,20 @@ - * gets called when libcrypto requests a cipher NID. - */ - -+/* RC4 */ -+const EVP_CIPHER cryptodev_rc4 = { -+ NID_rc4, -+ 1, 16, 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ NULL, -+ NULL, -+ NULL -+}; -+ - /* DES CBC EVP */ - const EVP_CIPHER cryptodev_des_cbc = { - NID_des_cbc, -@@ -572,6 +581,32 @@ - NULL - }; - -+const EVP_CIPHER cryptodev_aes_192_cbc = { -+ NID_aes_192_cbc, -+ 16, 24, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_aes_256_cbc = { -+ NID_aes_256_cbc, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL -+}; -+ - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. 
this says what we'll do at the -@@ -585,6 +620,9 @@ - return (cryptodev_usable_ciphers(nids)); - - switch (nid) { -+ case NID_rc4: -+ *cipher = &cryptodev_rc4; -+ break; - case NID_des_ede3_cbc: - *cipher = &cryptodev_3des_cbc; - break; -@@ -600,6 +638,12 @@ - case NID_aes_128_cbc: - *cipher = &cryptodev_aes_cbc; - break; -+ case NID_aes_192_cbc: -+ *cipher = &cryptodev_aes_192_cbc; -+ break; -+ case NID_aes_256_cbc: -+ *cipher = &cryptodev_aes_256_cbc; -+ break; - default: - *cipher = NULL; - break; -@@ -607,6 +651,286 @@ - return (*cipher != NULL); - } - -+ -+#ifdef USE_CRYPTODEV_DIGESTS -+ -+/* convert digest type to cryptodev */ -+static int -+digest_nid_to_cryptodev(int nid) -+{ -+ int i; -+ -+ for (i = 0; digests[i].id; i++) -+ if (digests[i].nid == nid) -+ return (digests[i].id); -+ return (0); -+} -+ -+ -+static int cryptodev_digest_init(EVP_MD_CTX *ctx) -+{ -+ struct dev_crypto_state *state = ctx->md_data; -+ struct session_op *sess = &state->d_sess; -+ int digest; -+ -+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ -+ printf("cryptodev_digest_init: Can't get digest \n"); -+ return (0); -+ } -+ memset(state, 0, sizeof(struct dev_crypto_state)); -+ -+ if ((state->d_fd = get_dev_crypto()) < 0) { -+ printf("cryptodev_digest_init: Can't get Dev \n"); -+ return (0); -+ } -+ -+ sess->mackey = NULL; -+ sess->mackeylen = 0; -+ sess->mac = digest; -+ -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ printf("cryptodev_digest_init: Open session failed\n"); -+ return (0); -+ } -+ -+ return (1); -+} -+ -+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, -+ size_t count) -+{ -+ struct dev_crypto_state *state = ctx->md_data; -+ struct crypt_op cryp; -+ struct session_op *sess = &state->d_sess; -+ -+ if (!data || state->d_fd < 0) { -+ printf("cryptodev_digest_update: illegal inputs \n"); -+ return (0); -+ } -+ -+ if (!count) { -+ return (1); -+ } -+ -+ if 
(!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { -+ /* if application doesn't support one buffer */ -+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); -+ -+ if (!state->mac_data) { -+ printf("cryptodev_digest_update: realloc failed\n"); -+ return (0); -+ } -+ -+ memcpy(state->mac_data + state->mac_len, data, count); -+ state->mac_len += count; -+ -+ return (1); -+ } -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = count; -+ cryp.src = (void*) data; -+ cryp.dst = NULL; -+ cryp.mac = (void*) state->digest_res; -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -+ printf("cryptodev_digest_update: digest failed\n"); -+ return (0); -+ } -+ return (1); -+} -+ -+ -+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ struct crypt_op cryp; -+ struct dev_crypto_state *state = ctx->md_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (!md || state->d_fd < 0) { -+ printf("cryptodev_digest_final: illegal input\n"); -+ return(0); -+ } -+ -+ if (! 
(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { -+ /* if application doesn't support one buffer */ -+ memset(&cryp, 0, sizeof(cryp)); -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = state->mac_len; -+ cryp.src = state->mac_data; -+ cryp.dst = NULL; -+ cryp.mac = (void*)md; -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -+ printf("cryptodev_digest_final: digest failed\n"); -+ return (0); -+ } -+ -+ return 1; -+ } -+ -+ memcpy(md, state->digest_res, ctx->digest->md_size); -+ -+ return 1; -+} -+ -+ -+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) -+{ -+ int ret = 1; -+ struct dev_crypto_state *state = ctx->md_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (state == NULL) -+ return 0; -+ -+ if (state->d_fd < 0) { -+ printf("cryptodev_digest_cleanup: illegal input\n"); -+ return (0); -+ } -+ -+ if (state->mac_data) { -+ OPENSSL_free(state->mac_data); -+ state->mac_data = NULL; -+ state->mac_len = 0; -+ } -+ -+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { -+ printf("cryptodev_digest_cleanup: failed to close session\n"); -+ ret = 0; -+ } else { -+ ret = 1; -+ } -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ -+ return (ret); -+} -+ -+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) -+{ -+ struct dev_crypto_state *fstate = from->md_data; -+ struct dev_crypto_state *dstate = to->md_data; -+ struct session_op *sess; -+ int digest; -+ -+ if (dstate == NULL || fstate == NULL) -+ return 1; -+ -+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); -+ -+ sess = &dstate->d_sess; -+ -+ digest = digest_nid_to_cryptodev(to->digest->type); -+ -+ sess->mackey = NULL; -+ sess->mackeylen = 0; -+ sess->mac = digest; -+ -+ dstate->d_fd = get_dev_crypto(); -+ -+ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { -+ put_dev_crypto(dstate->d_fd); -+ dstate->d_fd = -1; -+ printf("cryptodev_digest_init: Open session failed\n"); -+ return (0); -+ } -+ -+ if (fstate->mac_len != 0) { -+ if (fstate->mac_data != NULL) -+ { -+ 
dstate->mac_data = OPENSSL_malloc(fstate->mac_len); -+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); -+ dstate->mac_len = fstate->mac_len; -+ } -+ } -+ -+ return 1; -+} -+ -+ -+static const EVP_MD cryptodev_sha1 = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha256 = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha384 = { -+ NID_sha384, -+ NID_sha384WithRSAEncryption, -+ SHA384_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha512 = { -+ NID_sha512, -+ NID_sha512WithRSAEncryption, -+ SHA512_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_md5 = { -+ NID_md5, -+ 
NID_md5WithRSAEncryption, -+ 16 /* MD5_DIGEST_LENGTH */, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ 64 /* MD5_CBLOCK */, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+#endif /* USE_CRYPTODEV_DIGESTS */ -+ -+ - static int - cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -@@ -615,10 +939,24 @@ - return (cryptodev_usable_digests(nids)); - - switch (nid) { -+#ifdef USE_CRYPTODEV_DIGESTS - case NID_md5: -- *digest = NULL; /* need to make a clean md5 critter */ -+ *digest = &cryptodev_md5; - break; -+ case NID_sha1: -+ *digest = &cryptodev_sha1; -+ break; -+ case NID_sha256: -+ *digest = &cryptodev_sha256; -+ break; -+ case NID_sha384: -+ *digest = &cryptodev_sha384; -+ break; -+ case NID_sha512: -+ *digest = &cryptodev_sha512; -+ break; - default: -+#endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; - break; - } -@@ -646,8 +984,9 @@ - b = malloc(bytes); - if (b == NULL) - return (1); -+ memset(b, 0, bytes); - -- crp->crp_p = (char *)b; -+ crp->crp_p = (void*) b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { -@@ -690,7 +1029,7 @@ - { - int i; - -- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { -+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { - if (kop->crk_param[i].crp_p) - free(kop->crk_param[i].crp_p); - kop->crk_param[i].crp_p = NULL; -@@ -776,8 +1115,9 @@ - cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - int r; -- -+ ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); -+ BN_CTX_free(ctx); - return (r); - } - -@@ -899,7 +1239,7 @@ - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = 
(void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -939,7 +1279,7 @@ - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1017,7 +1357,7 @@ - goto err; - kop.crk_iparams = 3; - -- kop.crk_param[3].crp_p = (char *)key; -+ kop.crk_param[3].crp_p = (void*) key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; - -@@ -1048,7 +1388,7 @@ - * but I expect we'll want some options soon. - */ - static int --cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) -+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) - { - #ifdef HAVE_SYSLOG_R - struct syslog_data sd = SYSLOG_DATA_INIT; -@@ -1084,14 +1424,14 @@ - * find out what asymmetric crypto algorithms we support - */ - if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { -- close(fd); -+ put_dev_crypto(fd); - ENGINE_free(engine); - return; - } -- close(fd); -+ put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || -+ !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || -diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h ---- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100 -+++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200 -@@ -705,9 +705,7 @@ - * values. 
*/ - void *ENGINE_get_static_state(void); - --#if defined(__OpenBSD__) || defined(__FreeBSD__) - void ENGINE_setup_bsd_cryptodev(void); --#endif - - /* BEGIN ERROR CODES */ - /* The following lines are auto generated by the script mkerr.pl. Any changes -diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c ---- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200 -+++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200 -@@ -83,8 +83,6 @@ - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - #ifndef OPENSSL_NO_ENGINE --# if defined(__OpenBSD__) || defined(__FreeBSD__) - ENGINE_setup_bsd_cryptodev(); --# endif - #endif - } diff --git a/src/patches/openssl-1.0.1-beta2-build.patch b/src/patches/openssl-1.0.1-beta2-build.patch deleted file mode 100644 index 0a5cef1..0000000 --- a/src/patches/openssl-1.0.1-beta2-build.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure ---- openssl-1.0.1-beta2/Configure.rpmbuild 2012-01-05 01:07:34.000000000 +0100 -+++ openssl-1.0.1-beta2/Configure 2012-02-02 12:43:56.547409325 +0100 -@@ -343,23 +343,23 @@ my %table=( - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic32","gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # It's believed that majority of ARM toolchains predefine appropriate -march. - # If you compiler does not, do complement config command line with one! --"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-armv4", "gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - #### IA-32 targets... 
- "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", - #### --"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", --"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic64","gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", -+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", --"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", -+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see - # /proc/cpuinfo. The idea is to preserve most significant bits of -@@ -373,16 +373,16 @@ my %table=( - # ldconfig and run-time linker to autodiscover. Unfortunately it - # doesn't work just yet, because of couple of bugs in glibc - # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... 
--"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn-s390x.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::/highgprs", -+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn-s390x.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::/highgprs", - #### SPARC Linux setups - # Ray Miller ray.miller@computing-services.oxford.ac.uk has patiently - # assisted with debugging of following two configs. --"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # it's a real mess with -mcpu=ultrasparc option under Linux, but - # -Wa,-Av8plus should do the trick no matter what. 
--"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # GCC 3.1 is a requirement --"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", -+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", - #### Alpha Linux with GNU C and Compaq C setups - # Special notes: - # - linux-alpha+bwx-gcc is ment to be used from ./config only. 
If you -@@ -396,8 +396,8 @@ my %table=( - # - # appro@fy.chalmers.se - # --"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -@@ -1678,7 +1678,7 @@ while (<IN>) - elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/) - { -diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org ---- openssl-1.0.1-beta2/Makefile.org.rpmbuild 2011-12-27 16:17:50.000000000 +0100 -+++ openssl-1.0.1-beta2/Makefile.org 2012-02-02 12:30:23.652495435 +0100 -@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= - SHLIB_MAJOR= - SHLIB_MINOR= 
- SHLIB_EXT= -+SHLIB_SONAMEVER=10 - PLATFORM=dist - OPTIONS= - CONFIGURE_ARGS= -@@ -333,10 +334,9 @@ clean-shared: - link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ -- libs="$$libs -l$$i"; \ - done - - build-shared: do_$(SHLIB_TARGET) link-shared -@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET): - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ diff --git a/src/patches/openssl-1.0.1e-cryptodev.patch b/src/patches/openssl-1.0.1e-cryptodev.patch deleted file mode 100644 index 29b6f77..0000000 --- a/src/patches/openssl-1.0.1e-cryptodev.patch +++ /dev/null 
@@ -1,712 +0,0 @@ -Patch created by Michael Tremer michael.tremer@ipfire.org from - http://download.gna.org/cryptodev-linux/cryptodev-linux-1.6.tar.gz - -diff -Nur openssl-1.0.1e-vanilla/crypto/cryptodev.h openssl-1.0.1e/crypto/cryptodev.h ---- openssl-1.0.1e-vanilla/crypto/cryptodev.h 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1e/crypto/cryptodev.h 2013-12-25 14:27:20.907326820 +0000 -@@ -0,0 +1,292 @@ -+/* This is a source compatible implementation with the original API of -+ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. -+ * Placed under public domain */ -+ -+#ifndef L_CRYPTODEV_H -+#define L_CRYPTODEV_H -+ -+#include <linux/types.h> -+#ifndef __KERNEL__ -+#define __user -+#endif -+ -+/* API extensions for linux */ -+#define CRYPTO_HMAC_MAX_KEY_LEN 512 -+#define CRYPTO_CIPHER_MAX_KEY_LEN 64 -+ -+/* All the supported algorithms -+ */ -+enum cryptodev_crypto_op_t { -+ CRYPTO_DES_CBC = 1, -+ CRYPTO_3DES_CBC = 2, -+ CRYPTO_BLF_CBC = 3, -+ CRYPTO_CAST_CBC = 4, -+ CRYPTO_SKIPJACK_CBC = 5, -+ CRYPTO_MD5_HMAC = 6, -+ CRYPTO_SHA1_HMAC = 7, -+ CRYPTO_RIPEMD160_HMAC = 8, -+ CRYPTO_MD5_KPDK = 9, -+ CRYPTO_SHA1_KPDK = 10, -+ CRYPTO_RIJNDAEL128_CBC = 11, -+ CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, -+ CRYPTO_ARC4 = 12, -+ CRYPTO_MD5 = 13, -+ CRYPTO_SHA1 = 14, -+ CRYPTO_DEFLATE_COMP = 15, -+ CRYPTO_NULL = 16, -+ CRYPTO_LZS_COMP = 17, -+ CRYPTO_SHA2_256_HMAC = 18, -+ CRYPTO_SHA2_384_HMAC = 19, -+ CRYPTO_SHA2_512_HMAC = 20, -+ CRYPTO_AES_CTR = 21, -+ CRYPTO_AES_XTS = 22, -+ CRYPTO_AES_ECB = 23, -+ CRYPTO_AES_GCM = 50, -+ -+ CRYPTO_CAMELLIA_CBC = 101, -+ CRYPTO_RIPEMD160, -+ CRYPTO_SHA2_224, -+ CRYPTO_SHA2_256, -+ CRYPTO_SHA2_384, -+ CRYPTO_SHA2_512, -+ CRYPTO_SHA2_224_HMAC, -+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ -+}; -+ -+#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) -+ -+/* Values for ciphers */ -+#define DES_BLOCK_LEN 8 -+#define DES3_BLOCK_LEN 8 -+#define RIJNDAEL128_BLOCK_LEN 16 -+#define AES_BLOCK_LEN 
RIJNDAEL128_BLOCK_LEN -+#define CAMELLIA_BLOCK_LEN 16 -+#define BLOWFISH_BLOCK_LEN 8 -+#define SKIPJACK_BLOCK_LEN 8 -+#define CAST128_BLOCK_LEN 8 -+ -+/* the maximum of the above */ -+#define EALG_MAX_BLOCK_LEN 16 -+ -+/* Values for hashes/MAC */ -+#define AALG_MAX_RESULT_LEN 64 -+ -+/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ -+#define CRYPTODEV_MAX_ALG_NAME 64 -+ -+#define HASH_MAX_LEN 64 -+ -+/* input of CIOCGSESSION */ -+struct session_op { -+ /* Specify either cipher or mac -+ */ -+ __u32 cipher; /* cryptodev_crypto_op_t */ -+ __u32 mac; /* cryptodev_crypto_op_t */ -+ -+ __u32 keylen; -+ __u8 __user *key; -+ __u32 mackeylen; -+ __u8 __user *mackey; -+ -+ __u32 ses; /* session identifier */ -+}; -+ -+struct session_info_op { -+ __u32 ses; /* session identifier */ -+ -+ /* verbose names for the requested ciphers */ -+ struct alg_info { -+ char cra_name[CRYPTODEV_MAX_ALG_NAME]; -+ char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; -+ } cipher_info, hash_info; -+ -+ __u16 alignmask; /* alignment constraints */ -+ __u32 flags; /* SIOP_FLAGS_* */ -+}; -+ -+/* If this flag is set then this algorithm uses -+ * a driver only available in kernel (software drivers, -+ * or drivers based on instruction sets do not set this flag). -+ * -+ * If multiple algorithms are involved (as in AEAD case), then -+ * if one of them is kernel-driver-only this flag will be set. 
-+ */ -+#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 -+ -+#define COP_ENCRYPT 0 -+#define COP_DECRYPT 1 -+ -+/* input of CIOCCRYPT */ -+struct crypt_op { -+ __u32 ses; /* session identifier */ -+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ -+ __u16 flags; /* see COP_FLAG_* */ -+ __u32 len; /* length of source data */ -+ __u8 __user *src; /* source data */ -+ __u8 __user *dst; /* pointer to output data */ -+ /* pointer to output data for hash/MAC operations */ -+ __u8 __user *mac; -+ /* initialization vector for encryption operations */ -+ __u8 __user *iv; -+}; -+ -+/* input of CIOCAUTHCRYPT */ -+struct crypt_auth_op { -+ __u32 ses; /* session identifier */ -+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ -+ __u16 flags; /* see COP_FLAG_AEAD_* */ -+ __u32 len; /* length of source data */ -+ __u32 auth_len; /* length of auth data */ -+ __u8 __user *auth_src; /* authenticated-only data */ -+ -+ /* The current implementation is more efficient if data are -+ * encrypted in-place (src==dst). */ -+ __u8 __user *src; /* data to be encrypted and authenticated */ -+ __u8 __user *dst; /* pointer to output data. Must have -+ * space for tag. For TLS this should be at least -+ * len + tag_size + block_size for padding */ -+ -+ __u8 __user *tag; /* where the tag will be copied to. TLS mode -+ * doesn't use that as tag is copied to dst. -+ * SRTP mode copies tag there. */ -+ __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ -+ -+ /* initialization vector for encryption operations */ -+ __u8 __user *iv; -+ __u32 iv_len; -+}; -+ -+/* In plain AEAD mode the following are required: -+ * flags : 0 -+ * iv : the initialization vector (12 bytes) -+ * auth_len: the length of the data to be authenticated -+ * auth_src: the data to be authenticated -+ * len : length of data to be encrypted -+ * src : the data to be encrypted -+ * dst : space to hold encrypted data. It must have -+ * at least a size of len + tag_size. 
-+ * tag_size: the size of the desired authentication tag or zero to use -+ * the maximum tag output. -+ * -+ * Note tag isn't being used because the Linux AEAD interface -+ * copies the tag just after data. -+ */ -+ -+/* In TLS mode (used for CBC ciphers that required padding) -+ * the following are required: -+ * flags : COP_FLAG_AEAD_TLS_TYPE -+ * iv : the initialization vector -+ * auth_len: the length of the data to be authenticated only -+ * len : length of data to be encrypted -+ * auth_src: the data to be authenticated -+ * src : the data to be encrypted -+ * dst : space to hold encrypted data (preferably in-place). It must have -+ * at least a size of len + tag_size + blocksize. -+ * tag_size: the size of the desired authentication tag or zero to use -+ * the default mac output. -+ * -+ * Note that the padding used is the minimum padding. -+ */ -+ -+/* In SRTP mode the following are required: -+ * flags : COP_FLAG_AEAD_SRTP_TYPE -+ * iv : the initialization vector -+ * auth_len: the length of the data to be authenticated. This must -+ * include the SRTP header + SRTP payload (data to be encrypted) + rest -+ * -+ * len : length of data to be encrypted -+ * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. -+ * src : pointer to the data to be encrypted. -+ * dst : This is mandatory to be the same as src (in-place only). -+ * tag_size: the size of the desired authentication tag or zero to use -+ * the default mac output. -+ * tag : Pointer to an address where the authentication tag will be copied. 
-+ */ -+ -+ -+/* struct crypt_op flags */ -+ -+#define COP_FLAG_NONE (0 << 0) /* totally no flag */ -+#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ -+#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ -+#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ -+#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ -+#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the -+ * TLS protocol rules */ -+#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the -+ * SRTP protocol rules */ -+#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. -+ * should be used in combination -+ * with COP_FLAG_UPDATE */ -+ -+ -+/* Stuff for bignum arithmetic and public key -+ * cryptography - not supported yet by linux -+ * cryptodev. -+ */ -+ -+#define CRYPTO_ALG_FLAG_SUPPORTED 1 -+#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 -+#define CRYPTO_ALG_FLAG_DSA_SHA 4 -+ -+struct crparam { -+ __u8 *crp_p; -+ __u32 crp_nbits; -+}; -+ -+#define CRK_MAXPARAM 8 -+ -+/* input of CIOCKEY */ -+struct crypt_kop { -+ __u32 crk_op; /* cryptodev_crk_ot_t */ -+ __u32 crk_status; -+ __u16 crk_iparams; -+ __u16 crk_oparams; -+ __u32 crk_pad1; -+ struct crparam crk_param[CRK_MAXPARAM]; -+}; -+ -+enum cryptodev_crk_op_t { -+ CRK_MOD_EXP = 0, -+ CRK_MOD_EXP_CRT = 1, -+ CRK_DSA_SIGN = 2, -+ CRK_DSA_VERIFY = 3, -+ CRK_DH_COMPUTE_KEY = 4, -+ CRK_ALGORITHM_ALL -+}; -+ -+#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) -+ -+/* features to be queried with CIOCASYMFEAT ioctl -+ */ -+#define CRF_MOD_EXP (1 << CRK_MOD_EXP) -+#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -+#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) -+#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) -+#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -+ -+ -+/* ioctl's. 
Compatible with old linux cryptodev.h -+ */ -+#define CRIOGET _IOWR('c', 101, __u32) -+#define CIOCGSESSION _IOWR('c', 102, struct session_op) -+#define CIOCFSESSION _IOW('c', 103, __u32) -+#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) -+#define CIOCKEY _IOWR('c', 105, struct crypt_kop) -+#define CIOCASYMFEAT _IOR('c', 106, __u32) -+#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) -+ -+/* to indicate that CRIOGET is not required in linux -+ */ -+#define CRIOGET_NOT_NEEDED 1 -+ -+/* additional ioctls for AEAD */ -+#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) -+ -+/* additional ioctls for asynchronous operation. -+ * These are conditionally enabled since version 1.6. -+ */ -+#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) -+#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) -+ -+#endif /* L_CRYPTODEV_H */ -diff -Nur openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c openssl-1.0.1e/crypto/engine/eng_cryptodev.c ---- openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c 2013-02-11 15:26:04.000000000 +0000 -+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-12-25 14:27:06.968877039 +0000 -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck beck@openbsd.org - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. 
- * - * Redistribution and use in source and binary forms, with or without -@@ -74,8 +75,6 @@ - int d_fd; - - #ifdef USE_CRYPTODEV_DIGESTS -- char dummy_mac_key[HASH_MAX_LEN]; -- - unsigned char digest_res[HASH_MAX_LEN]; - char *mac_data; - int mac_len; -@@ -157,15 +156,21 @@ - static struct { - int id; - int nid; -- int keylen; -+ int digestlen; - } digests[] = { -+#if 0 -+ /* HMAC is not supported */ - { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, -- { CRYPTO_MD5_KPDK, NID_undef, 0}, -- { CRYPTO_SHA1_KPDK, NID_undef, 0}, -+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, -+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, -+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, -+#endif - { CRYPTO_MD5, NID_md5, 16}, - { CRYPTO_SHA1, NID_sha1, 20}, -+ { CRYPTO_SHA2_256, NID_sha256, 32}, -+ { CRYPTO_SHA2_384, NID_sha384, 48}, -+ { CRYPTO_SHA2_512, NID_sha512, 64}, - { 0, NID_undef, 0}, - }; - #endif -@@ -243,13 +248,14 @@ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456789abcdefghijklmno"; -+ sess.key = (void*)fake_key; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -281,6 +287,7 @@ - get_cryptodev_digests(const int **cnids) - { - static int nids[CRYPTO_ALGORITHM_MAX]; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - struct session_op sess; - int fd, i, count = 0; - -@@ -289,12 +296,12 @@ - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t)"123456789abcdefghijklmno"; -+ sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -- sess.mackeylen = 
digests[i].keylen; -+ sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -@@ -382,14 +389,14 @@ - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void*) in; -+ cryp.dst = (void*) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -440,7 +447,7 @@ - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (caddr_t)key; -+ sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - -@@ -660,18 +667,6 @@ - } - - --static int --digest_key_length(int nid) --{ -- int i; -- -- for (i = 0; digests[i].id; i++) -- if (digests[i].nid == nid) -- return digests[i].keylen; -- return (0); --} -- -- - static int cryptodev_digest_init(EVP_MD_CTX *ctx) - { - struct dev_crypto_state *state = ctx->md_data; -@@ -682,7 +677,6 @@ - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } -- - memset(state, 0, sizeof(struct dev_crypto_state)); - - if ((state->d_fd = get_dev_crypto()) < 0) { -@@ -690,8 +684,8 @@ - return (0); - } - -- sess->mackey = state->dummy_mac_key; -- sess->mackeylen = digest_key_length(ctx->digest->type); -+ sess->mackey = NULL; -+ sess->mackeylen = 0; - sess->mac = digest; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -@@ -707,8 +701,8 @@ - static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) - { -- struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; -+ struct crypt_op cryp; - struct session_op *sess = &state->d_sess; - - if (!data || state->d_fd < 0) { -@@ -717,7 +711,7 @@ - } - - if (!count) { -- return (0); -+ return (1); - } - - if (!(ctx->flags & 
EVP_MD_CTX_FLAG_ONESHOT)) { -@@ -740,9 +734,9 @@ - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = count; -- cryp.src = (caddr_t) data; -+ cryp.src = (void*) data; - cryp.dst = NULL; -- cryp.mac = (caddr_t) state->digest_res; -+ cryp.mac = (void*) state->digest_res; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_update: digest failed\n"); - return (0); -@@ -757,8 +751,6 @@ - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - -- int ret = 1; -- - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return(0); -@@ -772,7 +764,7 @@ - cryp.len = state->mac_len; - cryp.src = state->mac_data; - cryp.dst = NULL; -- cryp.mac = (caddr_t)md; -+ cryp.mac = (void*)md; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); - return (0); -@@ -783,7 +775,7 @@ - - memcpy(md, state->digest_res, ctx->digest->md_size); - -- return (ret); -+ return 1; - } - - -@@ -835,8 +827,8 @@ - - digest = digest_nid_to_cryptodev(to->digest->type); - -- sess->mackey = dstate->dummy_mac_key; -- sess->mackeylen = digest_key_length(to->digest->type); -+ sess->mackey = NULL; -+ sess->mackeylen = 0; - sess->mac = digest; - - dstate->d_fd = get_dev_crypto(); -@@ -861,34 +853,117 @@ - } - - --const EVP_MD cryptodev_sha1 = { -+static const EVP_MD cryptodev_sha1 = { - NID_sha1, -- NID_undef, -+ NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif - EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, -+ EVP_PKEY_RSA_method, - SHA_CBLOCK, -- sizeof(struct dev_crypto_state), -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha256 
= { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+static const EVP_MD cryptodev_sha224 = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha384 = { -+ NID_sha384, -+ NID_sha384WithRSAEncryption, -+ SHA384_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha512 = { -+ NID_sha512, -+ NID_sha512WithRSAEncryption, -+ SHA512_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ 
cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; - --const EVP_MD cryptodev_md5 = { -+static const EVP_MD cryptodev_md5 = { - NID_md5, -- NID_undef, -+ NID_md5WithRSAEncryption, - 16 /* MD5_DIGEST_LENGTH */, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif - EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, -+ EVP_PKEY_RSA_method, - 64 /* MD5_CBLOCK */, -- sizeof(struct dev_crypto_state), -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; - - #endif /* USE_CRYPTODEV_DIGESTS */ -@@ -909,6 +984,18 @@ - case NID_sha1: - *digest = &cryptodev_sha1; - break; -+ case NID_sha224: -+ *digest = &cryptodev_sha224; -+ break; -+ case NID_sha256: -+ *digest = &cryptodev_sha256; -+ break; -+ case NID_sha384: -+ *digest = &cryptodev_sha384; -+ break; -+ case NID_sha512: -+ *digest = &cryptodev_sha512; -+ break; - default: - #endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; -@@ -940,7 +1027,7 @@ - return (1); - memset(b, 0, bytes); - -- crp->crp_p = (caddr_t) b; -+ crp->crp_p = (void*) b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { -@@ -1193,7 +1280,7 @@ - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1233,7 +1320,7 @@ - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) 
- goto err; -@@ -1311,9 +1398,10 @@ - goto err; - kop.crk_iparams = 3; - -- kop.crk_param[3].crp_p = (caddr_t) key; -- kop.crk_param[3].crp_nbits = keylen * 8; -+ kop.crk_param[3].crp_p = (void*) key; -+ kop.crk_param[3].crp_nbits = keylen; - kop.crk_oparams = 1; -+ dhret = keylen/8; - - if (ioctl(fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); -@@ -1385,7 +1473,7 @@ - put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || -+ !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || diff --git a/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch b/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch deleted file mode 100644 index 855e4fe..0000000 --- a/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch +++ /dev/null 
@@ -1,340 +0,0 @@ -Submitted By: Armin K. <krejzi at email dot com> -Date: 2013-05-05 -Initial Package Version: 1.0.1e -Upstream Status: Unknown -Origin: https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl -Description: Fixes build with make -jx, where x is greater than 1. - ---- a/crypto/Makefile 2013-02-11 16:26:04.000000000 +0100 -+++ b/crypto/Makefile 2013-05-05 20:06:34.872208113 +0200 -@@ -86,11 +86,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -101,7 +101,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -112,7 +112,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... 
-@@ -121,7 +121,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- a/engines/Makefile 2013-02-11 16:26:04.000000000 +0100 -+++ b/engines/Makefile 2013-05-05 20:06:34.872208113 +0200 -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- a/Makefile.org 2013-02-11 16:26:04.000000000 +0100 -+++ b/Makefile.org 2013-05-05 20:06:34.862207917 +0200 -@@ -273,17 +273,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -- @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -- @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -- @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -- @dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) -+build_ssl: build_crypto -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) -+build_engines: build_crypto -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) -+build_apps: build_libs -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) -+build_tests: build_libs -+ +@dir=test; target=all; $(BUILD_ONE_CMD) -+build_tools: build_libs -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: 
build_libs build_testapps - build_testapps: -@@ -537,9 +537,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -548,12 +548,19 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -633,12 +640,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- a/Makefile.shared 2013-02-11 16:26:04.000000000 +0100 -+++ b/Makefile.shared 2013-05-05 20:06:34.872208113 +0200 -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} 
$${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- a/test/Makefile 2013-02-11 16:26:04.000000000 +0100 -+++ b/test/Makefile 2013-05-05 20:06:34.872208113 +0200 -@@ -124,7 +124,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -365,109 +365,109 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - 
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) 
-+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -480,7 +480,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/src/patches/openssl-1.0.1e-rpmbuild.patch b/src/patches/openssl-1.0.1e-rpmbuild.patch new file mode 100644 index 0000000..3fb3c64 --- /dev/null +++ b/src/patches/openssl-1.0.1e-rpmbuild.patch 
@@ -0,0 +1,44 @@
+diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure.rpmbuild 2014-08-13 19:19:53.211005598 +0200
++++ openssl-1.0.1e/Configure 2014-08-13 19:29:21.704099285 +0200
+@@ -1675,7 +1676,7 @@ while (<IN>)
+ elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/)
+ {
+ my $sotmp = $1;
+- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/;
++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/)
+ {
+diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
+--- openssl-1.0.1e/Makefile.org.rpmbuild 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/Makefile.org 2014-08-13 19:19:53.218005759 +0200
+@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=10
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -333,10 +334,9 @@ clean-shared:
+ link-shared:
+ @ set -e; for i in $(SHLIBDIRS); do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ symlink.$(SHLIB_TARGET); \
+- libs="$$libs -l$$i"; \
+ done
+
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
diff --git a/src/patches/openssl-1.0.1e-weak-ciphers.patch b/src/patches/openssl-1.0.1e-weak-ciphers.patch
deleted file mode 100644
index 8657345..0000000
--- a/src/patches/openssl-1.0.1e-weak-ciphers.patch
+++ /dev/null
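Review bot: The new openssl-1.0.1e-rpmbuild.patch has no header recording where it came from or why `SHLIB_SONAMEVER=10` is hard-coded in Makefile.org, whereas the removed fix_parallel_build patch carried Submitted By, Origin and Description lines. For a patch applied to a crypto library, a provenance block at the top of the file makes later audits and rebases much easier, for example `Origin: <source of the patch>` and `Description: pin the shared-library soname version via SHLIB_SONAMEVER`. The `.rpmbuild` suffix suggests it was taken from a distribution package, but nothing in the commit says so. The link-shared hunk also drops `libs="$$libs -l$$i"; \` without explanation, and a one-line reason in the header would help.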
@@ -1,12 +0,0 @@
-diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
---- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100
-+++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100
-@@ -331,7 +331,7 @@ extern "C" {
- /* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
--#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
-+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
- /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites!
diff --git a/src/patches/openssl-1.0.1m-weak-ciphers.patch b/src/patches/openssl-1.0.1m-weak-ciphers.patch
new file mode 100644
index 0000000..f57b978
--- /dev/null
+++ b/src/patches/openssl-1.0.1m-weak-ciphers.patch
@@ -0,0 +1,11 @@
+--- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100
++++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100
+@@ -334,7 +334,7 @@
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+ /*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch
index ebf5429..e42dfac 100644
--- a/src/patches/openssl-disable-sslv2-sslv3.patch
+++ b/src/patches/openssl-disable-sslv2-sslv3.patch
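Review bot: The new `SSL_DEFAULT_CIPHER_LIST` in openssl-1.0.1m-weak-ciphers.patch still starts from `ALL` and excludes only EXPORT, RC2 and DES, so RC4 suites appear to remain in the default set. If compatibility allows, consider `# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES:!RC4"`; otherwise a short note in the patch saying why RC4 is kept would document the decision. As the surrounding ssl.h comment states, this list applies only when an application uses the default or a string starting with 'DEFAULT', so services that set their own cipher string are not hardened by this patch and need checking separately.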
@@ -1,13 +1,12 @@
-diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
---- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200
-+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200
-@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- */
- ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
-+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+
- return(ret);
- err:
- SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+--- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100
++++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100
+@@ -1892,6 +1892,9 @@
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++
+ return (ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
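Review bot: The comment on the `ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;` line does not say that this is only a default an application can undo. As the comment itself notes, only SSLv23_method() contexts are affected, so code that asks for a fixed-version SSLv3 method is untouched, and a caller can clear the option bits again on its own context. I would extend the comment to `/* Default only: fixed-version SSLv3 methods and SSL_CTX_clear_options() can still enable SSLv3 */`, so nobody reads this patch as removing the protocol. The rebased hunk header also no longer names the enclosing function, SSL_CTX_new, which starts outside the hunk; a description line at the top of the patch would make up for that.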
hooks/post-receive -- IPFire 2.x development tree