This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via a8d9f5cec1db248c75dc991d21186da554ca48ec (commit) via fffb0165b6f85068a60c9bb816ba09a4d6934fb2 (commit) via 6949953b7f8639d6ceca852416e285d3a04dd1e2 (commit) via 0e1fcef0180f7b6542be989f2c53db27c3cdd522 (commit) via 5f7a8b7e1cf7d665fc4df8757bf54d5d08903a88 (commit) via 506e4b967127485c89272751b7d870a9bd4c7b47 (commit) via 498b3cd3a85f0f3aba3297cbf786a12fb26bf1f6 (commit) via a0297133a1f2a6f98efbe2eec353015e2316f45d (commit) via 03d4ff6007bd06868a7ea6ae4a113a043aa1087b (commit) via 9ffd1b35db13760ceab2b396230fbc40fa03caec (commit) via 102825b673eaed53e2e07eda75b2341f42e479d7 (commit) via 13ed354420129239911bd9ec3229957caf8a7fd5 (commit) from e0b9a600e19f3829dcdf9858c776d7a169ea2ccc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit a8d9f5cec1db248c75dc991d21186da554ca48ec Merge: fffb016 e0b9a60 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Mar 29 19:33:04 2015 +0200
Merge remote-tracking branch 'origin/next' into kernel-test
Conflicts: lfs/openssl-compat
commit fffb0165b6f85068a60c9bb816ba09a4d6934fb2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Mar 29 19:29:55 2015 +0200
kernel: update to 3.14.37
-----------------------------------------------------------------------
Summary of changes: .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 4 +- config/kernel/kernel.config.armv5tel-ipfire-multi | 4 +- config/kernel/kernel.config.armv5tel-ipfire-rpi | 4 +- config/kernel/kernel.config.i586-ipfire | 5 +- config/kernel/kernel.config.i586-ipfire-pae | 5 +- config/rootfiles/common/armv5tel/linux-multi | 1 + .../{oldcore/87 => core/88}/filelists/fireinfo | 0 lfs/fireinfo | 1 + lfs/linux | 20 +- lfs/openssl | 18 +- lfs/openssl-compat | 13 +- lfs/tar | 4 +- make.sh | 4 +- ...info-Add-an-other-forbidden-string-Serial.patch | 25 + .../linux-3.14.x-lamobo-r1-fix-sata-pwr.patch | 49 -- src/patches/openssl-0.9.8u-cryptodev.patch | 882 --------------------- src/patches/openssl-1.0.1-beta2-build.patch | 109 --- src/patches/openssl-1.0.1e-cryptodev.patch | 712 ----------------- .../openssl-1.0.1e-fix_parallel_build-1.patch | 340 -------- src/patches/openssl-1.0.1e-rpmbuild.patch | 63 ++ src/patches/openssl-1.0.1e-weak-ciphers.patch | 12 - src/patches/openssl-1.0.1m-weak-ciphers.patch | 11 + src/patches/openssl-disable-sslv2-sslv3.patch | 25 +- 23 files changed, 154 insertions(+), 2157 deletions(-) copy config/rootfiles/{oldcore/87 => core/88}/filelists/fireinfo (100%) create mode 100644 src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch delete mode 100644 src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch delete mode 100644 src/patches/openssl-0.9.8u-cryptodev.patch delete mode 100644 src/patches/openssl-1.0.1-beta2-build.patch delete mode 100644 src/patches/openssl-1.0.1e-cryptodev.patch delete mode 100644 src/patches/openssl-1.0.1e-fix_parallel_build-1.patch create mode 100644 src/patches/openssl-1.0.1e-rpmbuild.patch delete mode 100644 src/patches/openssl-1.0.1e-weak-ciphers.patch create mode 100644 src/patches/openssl-1.0.1m-weak-ciphers.patch
Difference in files: diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index 18ffcd7..cf44486 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.30 Kernel Configuration +# Linux/arm 3.14.37 Kernel Configuration # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y @@ -5042,7 +5042,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -5275,6 +5274,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index e3fa93e..25de266 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.30 Kernel Configuration +# Linux/arm 3.14.37 Kernel Configuration # CONFIG_ARM=y CONFIG_MIGHT_HAVE_PCI=y @@ -5530,7 +5530,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y @@ -5764,6 +5763,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-rpi b/config/kernel/kernel.config.armv5tel-ipfire-rpi index 17a7305..b25210a 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-rpi +++ b/config/kernel/kernel.config.armv5tel-ipfire-rpi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.30 Kernel Configuration +# Linux/arm 3.14.37 Kernel Configuration # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y @@ -3643,7 +3643,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -3858,6 +3857,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 87687d9..f5ff73e 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.30 Kernel Configuration +# Linux/x86 3.14.37 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -410,6 +410,7 @@ CONFIG_SCHED_MC=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_X86_UP_APIC_MSI=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y @@ -5494,7 +5495,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -5766,6 +5766,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index c5a437a..8e72201 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.30 Kernel Configuration +# Linux/x86 3.14.37 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -420,6 +420,7 @@ CONFIG_SCHED_MC=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_X86_UP_APIC_MSI=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y @@ -5537,7 +5538,6 @@ CONFIG_DEBUG_KERNEL=y # # Memory Debugging # -# CONFIG_DEBUG_PAGEALLOC is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_DEBUG_ON is not set # CONFIG_SLUB_STATS is not set @@ -5807,6 +5807,7 @@ CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_RENAME=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set CONFIG_GRKERNSEC_CHROOT_INITRD=y
diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index fa07629..c2d3cd2 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -53,6 +53,7 @@ boot/dtb-KVER-ipfire-multi #boot/dtb-KVER-ipfire-multi/imx6dl-sabresd.dtb #boot/dtb-KVER-ipfire-multi/imx6dl-wandboard.dtb #boot/dtb-KVER-ipfire-multi/imx6q-arm2.dtb +#boot/dtb-KVER-ipfire-multi/imx6q-cm-fx6.dtb #boot/dtb-KVER-ipfire-multi/imx6q-cubox-i.dtb #boot/dtb-KVER-ipfire-multi/imx6q-gw51xx.dtb #boot/dtb-KVER-ipfire-multi/imx6q-gw52xx.dtb diff --git a/config/rootfiles/core/88/filelists/fireinfo b/config/rootfiles/core/88/filelists/fireinfo new file mode 120000 index 0000000..c461155 --- /dev/null +++ b/config/rootfiles/core/88/filelists/fireinfo @@ -0,0 +1 @@ +../../../common/fireinfo \ No newline at end of file diff --git a/lfs/fireinfo b/lfs/fireinfo index 3295388..e63bdc8 100644 --- a/lfs/fireinfo +++ b/lfs/fireinfo @@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch
cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr diff --git a/lfs/linux b/lfs/linux index ef30fa6..17a1297 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,11 +24,11 @@
include Config
-VER = 3.14.33 +VER = 3.14.37
-RPI_PATCHES = 3.14.33-grsec-ipfire1 -A7M_PATCHES = 3.14.33-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.0-3.14.33-201502180832.patch.xz +RPI_PATCHES = 3.14.37-grsec-ipfire1 +A7M_PATCHES = 3.14.37-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1-3.14.37-201503270048.patch.xz
THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS =
-PAK_VER = 58 +PAK_VER = 59 DEPS = ""
VERSUFIX=ipfire$(KCFG) @@ -77,10 +77,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = c19feb0646fde7e96602ac313fb7e5d6 -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = e423c8b3a408f23b9a26f8f0f4384c50 -arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = f147ce7c81889d2c5134304f3a6e60e3 -$(GRS_PATCHES)_MD5 = 119943451628ff5a62437637d60a585d +$(DL_FILE)_MD5 = 43abcb454054c53fb07296e84119edc5 +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 375dc501711ff3ffeffdfc9848675d26 +arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 8a0a0d6ef78d53b3095691499dac4b71 +$(GRS_PATCHES)_MD5 = d83ca635c83bbd5efc4372992ab58094
install : $(TARGET)
@@ -178,8 +178,6 @@ ifeq "$(KCFG)" "-multi" # Install switch api userspace header cd $(DIR_APP) && install -v -m644 include/uapi/linux/switch.h /usr/include/linux/
- # Fix Lamobo-R1 SATA Power - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch endif
ifeq "$(KCFG)" "-rpi" diff --git a/lfs/openssl b/lfs/openssl index df068f3..588cf04 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.0.1k +VER = 1.0.1m
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d4f002bd22a56881340105028842ae1f +$(DL_FILE)_MD5 = d143d1555d842a069cb7cc34ba745a06
install : $(TARGET)
@@ -82,12 +82,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Apply our CFLAGS + cd $(DIR_APP) && sed -i Configure \ + -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" + cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} ;
@@ -107,9 +109,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) no-rc5 \ no-srp \ $(CONFIGURE_ARGS) \ - -DSSL_FORBID_ENULL \ - -DHAVE_CRYPTODEV \ - -DUSE_CRYPTODEV_DIGEST + -DSSL_FORBID_ENULL
cd $(DIR_APP) && make depend cd $(DIR_APP) && make diff --git a/lfs/openssl-compat b/lfs/openssl-compat index a722f59..5e3c1ff 100644 --- a/lfs/openssl-compat +++ b/lfs/openssl-compat @@ -24,7 +24,7 @@
include Config
-VER = 0.9.8ze +VER = 0.9.8zf
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = edcca64ac2fbf2b03461936d5e42a262 +$(DL_FILE)_MD5 = c69a4a679233f7df189e1ad6659511ec
install : $(TARGET)
@@ -71,9 +71,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ # Apply our CFLAGS + cd $(DIR_APP) && sed -i Configure \ + -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" + cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
@@ -87,9 +90,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) zlib-dynamic \ no-engines \ no-asm 386 \ - -DSSL_FORBID_ENULL \ - -DHAVE_CRYPTODEV \ - -DUSE_CRYPTODEV_DIGEST + -DSSL_FORBID_ENULL
cd $(DIR_APP) && make depend cd $(DIR_APP) && make diff --git a/lfs/tar b/lfs/tar index 5919b04..d701dd0 100644 --- a/lfs/tar +++ b/lfs/tar @@ -36,7 +36,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) ifeq "$(ROOT)" "" TARGET = $(DIR_INFO)/$(THISAPP) EXTRA_CONFIG = --prefix=/usr --bindir=/bin \ - --libexecdir=/usr/sbin --disable-nls FORCE_UNSAFE_CONFIGURE=1 + --libexecdir=/usr/sbin --disable-nls EXTRA_MAKE = EXTRA_INSTALL = else @@ -84,7 +84,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) + cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=1 cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make $(EXTRA_INSTALL) install @rm -rf $(DIR_APP) diff --git a/make.sh b/make.sh index d049888..4deb3c8 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.17" # Version number -CORE="88" # Core Level (Filename) -PAKFIRE_CORE="88" # Core Level (PAKFIRE) +CORE="89" # Core Level (Filename) +PAKFIRE_CORE="89" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch b/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch new file mode 100644 index 0000000..d710852 --- /dev/null +++ b/src/patches/fireinfo-Add-an-other-forbidden-string-Serial.patch @@ -0,0 +1,25 @@ +From edacae4b2cdc41f1c0bfc93e041532ff6c49f60c Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Tue, 17 Mar 2015 22:19:17 +0100 +Subject: [PATCH] Add an other forbidden string: "Serial" + +--- + src/fireinfo/system.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/fireinfo/system.py b/src/fireinfo/system.py +index daf77b399d20..9d7872822b85 100644 +--- a/src/fireinfo/system.py ++++ b/src/fireinfo/system.py +@@ -45,7 +45,7 @@ INVALID_ID_STRINGS = ( + "EVAL", + "Not Applicable", + "None", "empty", +- "System Serial Number", ++ "Serial", "System Serial Number", + "XXXXX", + "01010101-0101-0101-0101-010101010101", + "00020003-0004-0005-0006-000700080009", +-- +2.1.0 + diff --git a/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch b/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch deleted file mode 100644 index 1c0f994..0000000 --- a/src/patches/linux-3.14.x-lamobo-r1-fix-sata-pwr.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7f558e6e8abee42cc966e2cb64be0de875797e07 Mon Sep 17 00:00:00 2001 -From: Arne Fitzenreiter arne_f@ipfire.org -Date: Fri, 20 Feb 2015 10:01:26 +0100 -Subject: [PATCH] sun7i: dts: lamobo-r1: fix sata pwr regulator pin. - -Lamobo-R1 use PB3 instead of PB8 for controlling the SATA power regulator. ---- - arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts -index 1eb6c9b..d634d2f 100644 ---- a/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts -+++ b/arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts -@@ -166,6 +166,16 @@ - reg = <1>; - }; - }; -+ -+ pio: pinctrl@01c20800 { -+ ahci_pwr_pin_a: ahci_pwr_pin@0 { -+ allwinner,pins = "PB3"; -+ allwinner,function = "gpio_out"; -+ allwinner,drive = <0>; -+ allwinner,pull = <0>; -+ }; -+ }; -+ - }; - - leds { -@@ -181,6 +191,14 @@ - }; - - reg_ahci_5v: ahci-5v { -+ compatible = "regulator-fixed"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&ahci_pwr_pin_a>; -+ regulator-name = "ahci-5v"; -+ regulator-min-microvolt = <5000000>; -+ regulator-max-microvolt = <5000000>; -+ enable-active-high; -+ gpio = <&pio 1 3 0>; - status = "okay"; - }; - --- -1.8.5.2 - diff --git a/src/patches/openssl-0.9.8u-cryptodev.patch b/src/patches/openssl-0.9.8u-cryptodev.patch deleted file mode 100644 index 920648d..0000000 --- a/src/patches/openssl-0.9.8u-cryptodev.patch +++ /dev/null @@ -1,882 +0,0 @@ -diff -Naur openssl-0.9.8u.org/crypto/engine/eng_all.c openssl-0.9.8u/crypto/engine/eng_all.c ---- openssl-0.9.8u.org/crypto/engine/eng_all.c 2010-03-01 01:30:11.000000000 +0100 -+++ openssl-0.9.8u/crypto/engine/eng_all.c 2012-03-27 14:07:11.000000000 +0200 -@@ -113,7 +113,6 @@ - #endif - } - --#if defined(__OpenBSD__) || defined(__FreeBSD__) - void ENGINE_setup_bsd_cryptodev(void) { - static int bsd_cryptodev_default_loaded = 0; - if (!bsd_cryptodev_default_loaded) { -@@ -122,4 +121,3 @@ - } - bsd_cryptodev_default_loaded=1; - } --#endif -diff -Naur openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c openssl-0.9.8u/crypto/engine/eng_cryptodev.c ---- openssl-0.9.8u.org/crypto/engine/eng_cryptodev.c 2012-03-06 14:22:32.000000000 +0100 -+++ openssl-0.9.8u/crypto/engine/eng_cryptodev.c 2012-03-27 14:02:59.000000000 +0200 -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck beck@openbsd.org - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -30,10 +31,6 @@ - #include <openssl/engine.h> - #include <openssl/evp.h> - #include <openssl/bn.h> --#include <openssl/dsa.h> --#include <openssl/rsa.h> --#include <openssl/dh.h> --#include <openssl/err.h> - - #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD__)) -@@ -59,6 +56,10 @@ - - #include <sys/types.h> - #include <crypto/cryptodev.h> -+#include <crypto/dh/dh.h> -+#include <crypto/dsa/dsa.h> -+#include <crypto/err/err.h> -+#include <crypto/rsa/rsa.h> - #include <sys/ioctl.h> - #include <errno.h> - #include <stdio.h> -@@ -72,6 +73,12 @@ - struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -+ -+#ifdef USE_CRYPTODEV_DIGESTS -+ unsigned char digest_res[HASH_MAX_LEN]; -+ char *mac_data; -+ int mac_len; -+#endif - }; - - static u_int32_t cryptodev_asymfeat = 0; -@@ -79,15 +86,14 @@ - static int get_asym_dev_crypto(void); - static int open_dev_crypto(void); - static int get_dev_crypto(void); --static int cryptodev_max_iv(int cipher); --static int cryptodev_key_length_valid(int cipher, int len); --static int cipher_nid_to_cryptodev(int nid); - static int get_cryptodev_ciphers(const int **cnids); --/*static int get_cryptodev_digests(const int **cnids);*/ -+#ifdef USE_CRYPTODEV_DIGESTS -+static int get_cryptodev_digests(const int **cnids); -+#endif - static int cryptodev_usable_ciphers(const int **nids); - static int cryptodev_usable_digests(const int **nids); - static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl); -+ const unsigned char *in, size_t inl); - static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); -@@ -121,7 +127,7 @@ - static int cryptodev_dh_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); - static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, -- void (*f)()); -+ void (*f)(void)); - void ENGINE_load_cryptodev(void); - - static const ENGINE_CMD_DEFN cryptodev_defns[] = { -@@ -134,27 +140,38 @@ - int ivmax; - int keylen; - } ciphers[] = { -+ { CRYPTO_ARC4, NID_rc4, 0, 16, }, - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, -+ { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, -+ { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { 0, NID_undef, 0, 0, }, - }; - --#if 0 -+#ifdef USE_CRYPTODEV_DIGESTS - static struct { - int id; - int nid; -+ int digestlen; - } digests[] = { -- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, -- { CRYPTO_MD5_KPDK, NID_undef, }, -- { CRYPTO_SHA1_KPDK, NID_undef, }, -- { CRYPTO_MD5, NID_md5, }, -- { CRYPTO_SHA1, NID_undef, }, -- { 0, NID_undef, }, -+#if 0 -+ /* HMAC is not supported */ -+ { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, -+ { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, -+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, -+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, -+#endif -+ { CRYPTO_MD5, NID_md5, 16}, -+ { CRYPTO_SHA1, NID_sha1, 20}, -+ { CRYPTO_SHA2_256, NID_sha256, 32}, -+ { CRYPTO_SHA2_384, NID_sha384, 48}, -+ { CRYPTO_SHA2_512, NID_sha512, 64}, -+ { 0, NID_undef, 0}, - }; - #endif - -@@ -186,6 +203,7 @@ - - if ((fd = open_dev_crypto()) == -1) - return (-1); -+#ifndef CRIOGET_NOT_NEEDED - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); - -@@ -194,9 +212,19 @@ - close(retfd); - return (-1); - } -+#else -+ retfd = fd; -+#endif - return (retfd); - } - -+static void put_dev_crypto(int fd) -+{ -+#ifndef CRIOGET_NOT_NEEDED -+ close(fd); -+#endif -+} -+ - /* Caching version for asym operations */ - static int - get_asym_dev_crypto(void) -@@ -209,50 +237,6 @@ - } - - /* -- * XXXX this needs to be set for each alg - and determined from -- * a running card. -- */ --static int --cryptodev_max_iv(int cipher) --{ -- int i; -- -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].ivmax); -- return (0); --} -- --/* -- * XXXX this needs to be set for each alg - and determined from -- * a running card. For now, fake it out - but most of these -- * for real devices should return 1 for the supported key -- * sizes the device can handle. -- */ --static int --cryptodev_key_length_valid(int cipher, int len) --{ -- int i; -- -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].id == cipher) -- return (ciphers[i].keylen == len); -- return (0); --} -- --/* convert libcrypto nids to cryptodev */ --static int --cipher_nid_to_cryptodev(int nid) --{ -- int i; -- -- for (i = 0; ciphers[i].id; i++) -- if (ciphers[i].nid == nid) -- return (ciphers[i].id); -- return (0); --} -- --/* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL -@@ -264,13 +248,14 @@ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456781234567812345678"; -+ sess.key = (void*)fake_key; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -282,7 +267,7 @@ - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; - } -- close(fd); -+ put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; -@@ -291,7 +276,7 @@ - return (count); - } - --#if 0 /* unused */ -+#ifdef USE_CRYPTODEV_DIGESTS - /* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! -@@ -302,6 +287,7 @@ - get_cryptodev_digests(const int **cnids) - { - static int nids[CRYPTO_ALGORITHM_MAX]; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - struct session_op sess; - int fd, i, count = 0; - -@@ -310,16 +296,18 @@ - return (0); - } - memset(&sess, 0, sizeof(sess)); -+ sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -+ sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = digests[i].nid; - } -- close(fd); -+ put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; -@@ -327,8 +315,7 @@ - *cnids = NULL; - return (count); - } -- --#endif -+#endif /* 0 */ - - /* - * Find the useable ciphers|digests from dev/crypto - this is the first -@@ -360,6 +347,9 @@ - static int - cryptodev_usable_digests(const int **nids) - { -+#ifdef USE_CRYPTODEV_DIGESTS -+ return (get_cryptodev_digests(nids)); -+#else - /* - * XXXX just disable all digests for now, because it sucks. - * we need a better way to decide this - i.e. I may not -@@ -374,11 +364,12 @@ - */ - *nids = NULL; - return (0); -+#endif - } - - static int - cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -- const unsigned char *in, unsigned int inl) -+ const unsigned char *in, size_t inl) - { - struct crypt_op cryp; - struct dev_crypto_state *state = ctx->cipher_data; -@@ -398,14 +389,14 @@ - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void*) in; -+ cryp.dst = (void*) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -436,28 +427,32 @@ - { - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; -- int cipher; -+ int cipher = -1, i; - -- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) -- return (0); -- -- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) -- return (0); -+ for (i = 0; ciphers[i].id; i++) -+ if (ctx->cipher->nid == ciphers[i].nid && -+ ctx->cipher->iv_len <= ciphers[i].ivmax && -+ ctx->key_len == ciphers[i].keylen) { -+ cipher = ciphers[i].id; -+ break; -+ } - -- if (!cryptodev_key_length_valid(cipher, ctx->key_len)) -+ if (!ciphers[i].id) { -+ state->d_fd = -1; - return (0); -+ } - - memset(sess, 0, sizeof(struct session_op)); - - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (char *)key; -+ sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { -- close(state->d_fd); -+ put_dev_crypto(state->d_fd); - state->d_fd = -1; - return (0); - } -@@ -494,7 +489,7 @@ - } else { - ret = 1; - } -- close(state->d_fd); -+ put_dev_crypto(state->d_fd); - state->d_fd = -1; - - return (ret); -@@ -505,6 +500,20 @@ - * gets called when libcrypto requests a cipher NID. - */ - -+/* RC4 */ -+const EVP_CIPHER cryptodev_rc4 = { -+ NID_rc4, -+ 1, 16, 0, -+ EVP_CIPH_VARIABLE_LENGTH, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ NULL, -+ NULL, -+ NULL -+}; -+ - /* DES CBC EVP */ - const EVP_CIPHER cryptodev_des_cbc = { - NID_des_cbc, -@@ -572,6 +581,32 @@ - NULL - }; - -+const EVP_CIPHER cryptodev_aes_192_cbc = { -+ NID_aes_192_cbc, -+ 16, 24, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL -+}; -+ -+const EVP_CIPHER cryptodev_aes_256_cbc = { -+ NID_aes_256_cbc, -+ 16, 32, 16, -+ EVP_CIPH_CBC_MODE, -+ cryptodev_init_key, -+ cryptodev_cipher, -+ cryptodev_cleanup, -+ sizeof(struct dev_crypto_state), -+ EVP_CIPHER_set_asn1_iv, -+ EVP_CIPHER_get_asn1_iv, -+ NULL -+}; -+ - /* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the -@@ -585,6 +620,9 @@ - return (cryptodev_usable_ciphers(nids)); - - switch (nid) { -+ case NID_rc4: -+ *cipher = &cryptodev_rc4; -+ break; - case NID_des_ede3_cbc: - *cipher = &cryptodev_3des_cbc; - break; -@@ -600,6 +638,12 @@ - case NID_aes_128_cbc: - *cipher = &cryptodev_aes_cbc; - break; -+ case NID_aes_192_cbc: -+ *cipher = &cryptodev_aes_192_cbc; -+ break; -+ case NID_aes_256_cbc: -+ *cipher = &cryptodev_aes_256_cbc; -+ break; - default: - *cipher = NULL; - break; -@@ -607,6 +651,286 @@ - return (*cipher != NULL); - } - -+ -+#ifdef USE_CRYPTODEV_DIGESTS -+ -+/* convert digest type to cryptodev */ -+static int -+digest_nid_to_cryptodev(int nid) -+{ -+ int i; -+ -+ for (i = 0; digests[i].id; i++) -+ if (digests[i].nid == nid) -+ return (digests[i].id); -+ return (0); -+} -+ -+ -+static int cryptodev_digest_init(EVP_MD_CTX *ctx) -+{ -+ struct dev_crypto_state *state = ctx->md_data; -+ struct session_op *sess = &state->d_sess; -+ int digest; -+ -+ if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ -+ printf("cryptodev_digest_init: Can't get digest \n"); -+ return (0); -+ } -+ memset(state, 0, sizeof(struct dev_crypto_state)); -+ -+ if ((state->d_fd = get_dev_crypto()) < 0) { -+ printf("cryptodev_digest_init: Can't get Dev \n"); -+ return (0); -+ } -+ -+ sess->mackey = NULL; -+ sess->mackeylen = 0; -+ sess->mac = digest; -+ -+ if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ printf("cryptodev_digest_init: Open session failed\n"); -+ return (0); -+ } -+ -+ return (1); -+} -+ -+static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, -+ size_t count) -+{ -+ struct dev_crypto_state *state = ctx->md_data; -+ struct crypt_op cryp; -+ struct session_op *sess = &state->d_sess; -+ -+ if (!data || state->d_fd < 0) { -+ printf("cryptodev_digest_update: illegal inputs \n"); -+ return (0); -+ } -+ -+ if (!count) { -+ return (1); -+ } -+ -+ if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { -+ /* if application doesn't support one buffer */ -+ state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); -+ -+ if (!state->mac_data) { -+ printf("cryptodev_digest_update: realloc failed\n"); -+ return (0); -+ } -+ -+ memcpy(state->mac_data + state->mac_len, data, count); -+ state->mac_len += count; -+ -+ return (1); -+ } -+ -+ memset(&cryp, 0, sizeof(cryp)); -+ -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = count; -+ cryp.src = (void*) data; -+ cryp.dst = NULL; -+ cryp.mac = (void*) state->digest_res; -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -+ printf("cryptodev_digest_update: digest failed\n"); -+ return (0); -+ } -+ return (1); -+} -+ -+ -+static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ struct crypt_op cryp; -+ struct dev_crypto_state *state = ctx->md_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (!md || state->d_fd < 0) { -+ printf("cryptodev_digest_final: illegal input\n"); -+ return(0); -+ } -+ -+ if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { -+ /* if application doesn't support one buffer */ -+ memset(&cryp, 0, sizeof(cryp)); -+ cryp.ses = sess->ses; -+ cryp.flags = 0; -+ cryp.len = state->mac_len; -+ cryp.src = state->mac_data; -+ cryp.dst = NULL; -+ cryp.mac = (void*)md; -+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { -+ printf("cryptodev_digest_final: digest failed\n"); -+ return (0); -+ } -+ -+ return 1; -+ } -+ -+ memcpy(md, state->digest_res, ctx->digest->md_size); -+ -+ return 1; -+} -+ -+ -+static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) -+{ -+ int ret = 1; -+ struct dev_crypto_state *state = ctx->md_data; -+ struct session_op *sess = &state->d_sess; -+ -+ if (state == NULL) -+ return 0; -+ -+ if (state->d_fd < 0) { -+ printf("cryptodev_digest_cleanup: illegal input\n"); -+ return (0); -+ } -+ -+ if (state->mac_data) { -+ OPENSSL_free(state->mac_data); -+ state->mac_data = NULL; -+ state->mac_len = 0; -+ } -+ -+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { -+ printf("cryptodev_digest_cleanup: failed to close session\n"); -+ ret = 0; -+ } else { -+ ret = 1; -+ } -+ put_dev_crypto(state->d_fd); -+ state->d_fd = -1; -+ -+ return (ret); -+} -+ -+static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) -+{ -+ struct dev_crypto_state *fstate = from->md_data; -+ struct dev_crypto_state *dstate = to->md_data; -+ struct session_op *sess; -+ int digest; -+ -+ if (dstate == NULL || fstate == NULL) -+ return 1; -+ -+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); -+ -+ sess = &dstate->d_sess; -+ -+ digest = digest_nid_to_cryptodev(to->digest->type); -+ -+ sess->mackey = NULL; -+ sess->mackeylen = 0; -+ sess->mac = digest; -+ -+ dstate->d_fd = get_dev_crypto(); -+ -+ if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { -+ put_dev_crypto(dstate->d_fd); -+ dstate->d_fd = -1; -+ printf("cryptodev_digest_init: Open session failed\n"); -+ return (0); -+ } -+ -+ if (fstate->mac_len != 0) { -+ if (fstate->mac_data != NULL) -+ { -+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len); -+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); -+ dstate->mac_len = fstate->mac_len; -+ } -+ } -+ -+ return 1; -+} -+ -+ -+static const EVP_MD cryptodev_sha1 = { -+ NID_sha1, -+ NID_sha1WithRSAEncryption, -+ SHA_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha256 = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha384 = { -+ NID_sha384, -+ NID_sha384WithRSAEncryption, -+ SHA384_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha512 = { -+ NID_sha512, -+ NID_sha512WithRSAEncryption, -+ SHA512_DIGEST_LENGTH, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_md5 = { -+ NID_md5, -+ NID_md5WithRSAEncryption, -+ 16 /* MD5_DIGEST_LENGTH */, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ 64 /* MD5_CBLOCK */, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+#endif /* USE_CRYPTODEV_DIGESTS */ -+ -+ - static int - cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -@@ -615,10 +939,24 @@ - return (cryptodev_usable_digests(nids)); - - switch (nid) { -+#ifdef USE_CRYPTODEV_DIGESTS - case NID_md5: -- *digest = NULL; /* need to make a clean md5 critter */ -+ *digest = &cryptodev_md5; - break; -+ case NID_sha1: -+ *digest = &cryptodev_sha1; -+ break; -+ case NID_sha256: -+ *digest = &cryptodev_sha256; -+ break; -+ case NID_sha384: -+ *digest = &cryptodev_sha384; -+ break; -+ case NID_sha512: -+ *digest = &cryptodev_sha512; -+ break; - default: -+#endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; - break; - } -@@ -646,8 +984,9 @@ - b = malloc(bytes); - if (b == NULL) - return (1); -+ memset(b, 0, bytes); - -- crp->crp_p = (char *)b; -+ crp->crp_p = (void*) b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { -@@ -690,7 +1029,7 @@ - { - int i; - -- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { -+ for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { - if (kop->crk_param[i].crp_p) - free(kop->crk_param[i].crp_p); - kop->crk_param[i].crp_p = NULL; -@@ -776,8 +1115,9 @@ - cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - int r; -- -+ ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); -+ BN_CTX_free(ctx); - return (r); - } - -@@ -899,7 +1239,7 @@ - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -939,7 +1279,7 @@ - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1017,7 +1357,7 @@ - goto err; - kop.crk_iparams = 3; - -- kop.crk_param[3].crp_p = (char *)key; -+ kop.crk_param[3].crp_p = (void*) key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; - -@@ -1048,7 +1388,7 @@ - * but I expect we'll want some options soon. - */ - static int --cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) -+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) - { - #ifdef HAVE_SYSLOG_R - struct syslog_data sd = SYSLOG_DATA_INIT; -@@ -1084,14 +1424,14 @@ - * find out what asymmetric crypto algorithms we support - */ - if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { -- close(fd); -+ put_dev_crypto(fd); - ENGINE_free(engine); - return; - } -- close(fd); -+ put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || -+ !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || -diff -Naur openssl-0.9.8u.org/crypto/engine/engine.h openssl-0.9.8u/crypto/engine/engine.h ---- openssl-0.9.8u.org/crypto/engine/engine.h 2010-02-09 15:18:15.000000000 +0100 -+++ openssl-0.9.8u/crypto/engine/engine.h 2012-03-27 14:05:15.000000000 +0200 -@@ -705,9 +705,7 @@ - * values. */ - void *ENGINE_get_static_state(void); - --#if defined(__OpenBSD__) || defined(__FreeBSD__) - void ENGINE_setup_bsd_cryptodev(void); --#endif - - /* BEGIN ERROR CODES */ - /* The following lines are auto generated by the script mkerr.pl. Any changes -diff -Naur openssl-0.9.8u.org/crypto/evp/c_all.c openssl-0.9.8u/crypto/evp/c_all.c ---- openssl-0.9.8u.org/crypto/evp/c_all.c 2004-08-29 18:36:04.000000000 +0200 -+++ openssl-0.9.8u/crypto/evp/c_all.c 2012-03-27 14:05:15.000000000 +0200 -@@ -83,8 +83,6 @@ - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - #ifndef OPENSSL_NO_ENGINE --# if defined(__OpenBSD__) || defined(__FreeBSD__) - ENGINE_setup_bsd_cryptodev(); --# endif - #endif - } diff --git a/src/patches/openssl-1.0.1-beta2-build.patch b/src/patches/openssl-1.0.1-beta2-build.patch deleted file mode 100644 index 0a5cef1..0000000 --- a/src/patches/openssl-1.0.1-beta2-build.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure ---- openssl-1.0.1-beta2/Configure.rpmbuild 2012-01-05 01:07:34.000000000 +0100 -+++ openssl-1.0.1-beta2/Configure 2012-02-02 12:43:56.547409325 +0100 -@@ -343,23 +343,23 @@ my %table=( - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic32","gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # It's believed that majority of ARM toolchains predefine appropriate -march. - # If you compiler does not, do complement config command line with one! --"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-armv4", "gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - #### IA-32 targets... - "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", - #### --"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", --"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic64","gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", -+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", --"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", -+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see - # /proc/cpuinfo. The idea is to preserve most significant bits of -@@ -373,16 +373,16 @@ my %table=( - # ldconfig and run-time linker to autodiscover. Unfortunately it - # doesn't work just yet, because of couple of bugs in glibc - # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... --"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn-s390x.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::/highgprs", -+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn-s390x.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::/highgprs", - #### SPARC Linux setups - # Ray Miller ray.miller@computing-services.oxford.ac.uk has patiently - # assisted with debugging of following two configs. --"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # it's a real mess with -mcpu=ultrasparc option under Linux, but - # -Wa,-Av8plus should do the trick no matter what. --"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # GCC 3.1 is a requirement --"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", -+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", - #### Alpha Linux with GNU C and Compaq C setups - # Special notes: - # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -396,8 +396,8 @@ my %table=( - # - # appro@fy.chalmers.se - # --"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -@@ -1678,7 +1678,7 @@ while (<IN>) - elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/) - { -diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org ---- openssl-1.0.1-beta2/Makefile.org.rpmbuild 2011-12-27 16:17:50.000000000 +0100 -+++ openssl-1.0.1-beta2/Makefile.org 2012-02-02 12:30:23.652495435 +0100 -@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= - SHLIB_MAJOR= - SHLIB_MINOR= - SHLIB_EXT= -+SHLIB_SONAMEVER=10 - PLATFORM=dist - OPTIONS= - CONFIGURE_ARGS= -@@ -333,10 +334,9 @@ clean-shared: - link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ -- libs="$$libs -l$$i"; \ - done - - build-shared: do_$(SHLIB_TARGET) link-shared -@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET): - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ diff --git a/src/patches/openssl-1.0.1e-cryptodev.patch b/src/patches/openssl-1.0.1e-cryptodev.patch deleted file mode 100644 index 29b6f77..0000000 --- a/src/patches/openssl-1.0.1e-cryptodev.patch +++ /dev/null @@ -1,712 +0,0 @@ -Patch created by Michael Tremer michael.tremer@ipfire.org from - http://download.gna.org/cryptodev-linux/cryptodev-linux-1.6.tar.gz - -diff -Nur openssl-1.0.1e-vanilla/crypto/cryptodev.h openssl-1.0.1e/crypto/cryptodev.h ---- openssl-1.0.1e-vanilla/crypto/cryptodev.h 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1e/crypto/cryptodev.h 2013-12-25 14:27:20.907326820 +0000 -@@ -0,0 +1,292 @@ -+/* This is a source compatible implementation with the original API of -+ * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. -+ * Placed under public domain */ -+ -+#ifndef L_CRYPTODEV_H -+#define L_CRYPTODEV_H -+ -+#include <linux/types.h> -+#ifndef __KERNEL__ -+#define __user -+#endif -+ -+/* API extensions for linux */ -+#define CRYPTO_HMAC_MAX_KEY_LEN 512 -+#define CRYPTO_CIPHER_MAX_KEY_LEN 64 -+ -+/* All the supported algorithms -+ */ -+enum cryptodev_crypto_op_t { -+ CRYPTO_DES_CBC = 1, -+ CRYPTO_3DES_CBC = 2, -+ CRYPTO_BLF_CBC = 3, -+ CRYPTO_CAST_CBC = 4, -+ CRYPTO_SKIPJACK_CBC = 5, -+ CRYPTO_MD5_HMAC = 6, -+ CRYPTO_SHA1_HMAC = 7, -+ CRYPTO_RIPEMD160_HMAC = 8, -+ CRYPTO_MD5_KPDK = 9, -+ CRYPTO_SHA1_KPDK = 10, -+ CRYPTO_RIJNDAEL128_CBC = 11, -+ CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, -+ CRYPTO_ARC4 = 12, -+ CRYPTO_MD5 = 13, -+ CRYPTO_SHA1 = 14, -+ CRYPTO_DEFLATE_COMP = 15, -+ CRYPTO_NULL = 16, -+ CRYPTO_LZS_COMP = 17, -+ CRYPTO_SHA2_256_HMAC = 18, -+ CRYPTO_SHA2_384_HMAC = 19, -+ CRYPTO_SHA2_512_HMAC = 20, -+ CRYPTO_AES_CTR = 21, -+ CRYPTO_AES_XTS = 22, -+ CRYPTO_AES_ECB = 23, -+ CRYPTO_AES_GCM = 50, -+ -+ CRYPTO_CAMELLIA_CBC = 101, -+ CRYPTO_RIPEMD160, -+ CRYPTO_SHA2_224, -+ CRYPTO_SHA2_256, -+ CRYPTO_SHA2_384, -+ CRYPTO_SHA2_512, -+ CRYPTO_SHA2_224_HMAC, -+ CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ -+}; -+ -+#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) -+ -+/* Values for ciphers */ -+#define DES_BLOCK_LEN 8 -+#define DES3_BLOCK_LEN 8 -+#define RIJNDAEL128_BLOCK_LEN 16 -+#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN -+#define CAMELLIA_BLOCK_LEN 16 -+#define BLOWFISH_BLOCK_LEN 8 -+#define SKIPJACK_BLOCK_LEN 8 -+#define CAST128_BLOCK_LEN 8 -+ -+/* the maximum of the above */ -+#define EALG_MAX_BLOCK_LEN 16 -+ -+/* Values for hashes/MAC */ -+#define AALG_MAX_RESULT_LEN 64 -+ -+/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ -+#define CRYPTODEV_MAX_ALG_NAME 64 -+ -+#define HASH_MAX_LEN 64 -+ -+/* input of CIOCGSESSION */ -+struct session_op { -+ /* Specify either cipher or mac -+ */ -+ __u32 cipher; /* cryptodev_crypto_op_t */ -+ __u32 mac; /* cryptodev_crypto_op_t */ -+ -+ __u32 keylen; -+ __u8 __user *key; -+ __u32 mackeylen; -+ __u8 __user *mackey; -+ -+ __u32 ses; /* session identifier */ -+}; -+ -+struct session_info_op { -+ __u32 ses; /* session identifier */ -+ -+ /* verbose names for the requested ciphers */ -+ struct alg_info { -+ char cra_name[CRYPTODEV_MAX_ALG_NAME]; -+ char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; -+ } cipher_info, hash_info; -+ -+ __u16 alignmask; /* alignment constraints */ -+ __u32 flags; /* SIOP_FLAGS_* */ -+}; -+ -+/* If this flag is set then this algorithm uses -+ * a driver only available in kernel (software drivers, -+ * or drivers based on instruction sets do not set this flag). -+ * -+ * If multiple algorithms are involved (as in AEAD case), then -+ * if one of them is kernel-driver-only this flag will be set. -+ */ -+#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 -+ -+#define COP_ENCRYPT 0 -+#define COP_DECRYPT 1 -+ -+/* input of CIOCCRYPT */ -+struct crypt_op { -+ __u32 ses; /* session identifier */ -+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ -+ __u16 flags; /* see COP_FLAG_* */ -+ __u32 len; /* length of source data */ -+ __u8 __user *src; /* source data */ -+ __u8 __user *dst; /* pointer to output data */ -+ /* pointer to output data for hash/MAC operations */ -+ __u8 __user *mac; -+ /* initialization vector for encryption operations */ -+ __u8 __user *iv; -+}; -+ -+/* input of CIOCAUTHCRYPT */ -+struct crypt_auth_op { -+ __u32 ses; /* session identifier */ -+ __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ -+ __u16 flags; /* see COP_FLAG_AEAD_* */ -+ __u32 len; /* length of source data */ -+ __u32 auth_len; /* length of auth data */ -+ __u8 __user *auth_src; /* authenticated-only data */ -+ -+ /* The current implementation is more efficient if data are -+ * encrypted in-place (src==dst). */ -+ __u8 __user *src; /* data to be encrypted and authenticated */ -+ __u8 __user *dst; /* pointer to output data. Must have -+ * space for tag. For TLS this should be at least -+ * len + tag_size + block_size for padding */ -+ -+ __u8 __user *tag; /* where the tag will be copied to. TLS mode -+ * doesn't use that as tag is copied to dst. -+ * SRTP mode copies tag there. */ -+ __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ -+ -+ /* initialization vector for encryption operations */ -+ __u8 __user *iv; -+ __u32 iv_len; -+}; -+ -+/* In plain AEAD mode the following are required: -+ * flags : 0 -+ * iv : the initialization vector (12 bytes) -+ * auth_len: the length of the data to be authenticated -+ * auth_src: the data to be authenticated -+ * len : length of data to be encrypted -+ * src : the data to be encrypted -+ * dst : space to hold encrypted data. It must have -+ * at least a size of len + tag_size. -+ * tag_size: the size of the desired authentication tag or zero to use -+ * the maximum tag output. -+ * -+ * Note tag isn't being used because the Linux AEAD interface -+ * copies the tag just after data. -+ */ -+ -+/* In TLS mode (used for CBC ciphers that required padding) -+ * the following are required: -+ * flags : COP_FLAG_AEAD_TLS_TYPE -+ * iv : the initialization vector -+ * auth_len: the length of the data to be authenticated only -+ * len : length of data to be encrypted -+ * auth_src: the data to be authenticated -+ * src : the data to be encrypted -+ * dst : space to hold encrypted data (preferably in-place). It must have -+ * at least a size of len + tag_size + blocksize. -+ * tag_size: the size of the desired authentication tag or zero to use -+ * the default mac output. -+ * -+ * Note that the padding used is the minimum padding. -+ */ -+ -+/* In SRTP mode the following are required: -+ * flags : COP_FLAG_AEAD_SRTP_TYPE -+ * iv : the initialization vector -+ * auth_len: the length of the data to be authenticated. This must -+ * include the SRTP header + SRTP payload (data to be encrypted) + rest -+ * -+ * len : length of data to be encrypted -+ * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. -+ * src : pointer to the data to be encrypted. -+ * dst : This is mandatory to be the same as src (in-place only). -+ * tag_size: the size of the desired authentication tag or zero to use -+ * the default mac output. -+ * tag : Pointer to an address where the authentication tag will be copied. -+ */ -+ -+ -+/* struct crypt_op flags */ -+ -+#define COP_FLAG_NONE (0 << 0) /* totally no flag */ -+#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ -+#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ -+#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ -+#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ -+#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the -+ * TLS protocol rules */ -+#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the -+ * SRTP protocol rules */ -+#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. -+ * should be used in combination -+ * with COP_FLAG_UPDATE */ -+ -+ -+/* Stuff for bignum arithmetic and public key -+ * cryptography - not supported yet by linux -+ * cryptodev. -+ */ -+ -+#define CRYPTO_ALG_FLAG_SUPPORTED 1 -+#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 -+#define CRYPTO_ALG_FLAG_DSA_SHA 4 -+ -+struct crparam { -+ __u8 *crp_p; -+ __u32 crp_nbits; -+}; -+ -+#define CRK_MAXPARAM 8 -+ -+/* input of CIOCKEY */ -+struct crypt_kop { -+ __u32 crk_op; /* cryptodev_crk_ot_t */ -+ __u32 crk_status; -+ __u16 crk_iparams; -+ __u16 crk_oparams; -+ __u32 crk_pad1; -+ struct crparam crk_param[CRK_MAXPARAM]; -+}; -+ -+enum cryptodev_crk_op_t { -+ CRK_MOD_EXP = 0, -+ CRK_MOD_EXP_CRT = 1, -+ CRK_DSA_SIGN = 2, -+ CRK_DSA_VERIFY = 3, -+ CRK_DH_COMPUTE_KEY = 4, -+ CRK_ALGORITHM_ALL -+}; -+ -+#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) -+ -+/* features to be queried with CIOCASYMFEAT ioctl -+ */ -+#define CRF_MOD_EXP (1 << CRK_MOD_EXP) -+#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -+#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) -+#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) -+#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -+ -+ -+/* ioctl's. Compatible with old linux cryptodev.h -+ */ -+#define CRIOGET _IOWR('c', 101, __u32) -+#define CIOCGSESSION _IOWR('c', 102, struct session_op) -+#define CIOCFSESSION _IOW('c', 103, __u32) -+#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) -+#define CIOCKEY _IOWR('c', 105, struct crypt_kop) -+#define CIOCASYMFEAT _IOR('c', 106, __u32) -+#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) -+ -+/* to indicate that CRIOGET is not required in linux -+ */ -+#define CRIOGET_NOT_NEEDED 1 -+ -+/* additional ioctls for AEAD */ -+#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) -+ -+/* additional ioctls for asynchronous operation. -+ * These are conditionally enabled since version 1.6. -+ */ -+#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) -+#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) -+ -+#endif /* L_CRYPTODEV_H */ -diff -Nur openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c openssl-1.0.1e/crypto/engine/eng_cryptodev.c ---- openssl-1.0.1e-vanilla/crypto/engine/eng_cryptodev.c 2013-02-11 15:26:04.000000000 +0000 -+++ openssl-1.0.1e/crypto/engine/eng_cryptodev.c 2013-12-25 14:27:06.968877039 +0000 -@@ -2,6 +2,7 @@ - * Copyright (c) 2002 Bob Beck beck@openbsd.org - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl -+ * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -74,8 +75,6 @@ - int d_fd; - - #ifdef USE_CRYPTODEV_DIGESTS -- char dummy_mac_key[HASH_MAX_LEN]; -- - unsigned char digest_res[HASH_MAX_LEN]; - char *mac_data; - int mac_len; -@@ -157,15 +156,21 @@ - static struct { - int id; - int nid; -- int keylen; -+ int digestlen; - } digests[] = { -+#if 0 -+ /* HMAC is not supported */ - { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, -- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, -- { CRYPTO_MD5_KPDK, NID_undef, 0}, -- { CRYPTO_SHA1_KPDK, NID_undef, 0}, -+ { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, -+ { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, -+ { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, -+#endif - { CRYPTO_MD5, NID_md5, 16}, - { CRYPTO_SHA1, NID_sha1, 20}, -+ { CRYPTO_SHA2_256, NID_sha256, 32}, -+ { CRYPTO_SHA2_384, NID_sha384, 48}, -+ { CRYPTO_SHA2_512, NID_sha512, 64}, - { 0, NID_undef, 0}, - }; - #endif -@@ -243,13 +248,14 @@ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.key = (caddr_t)"123456789abcdefghijklmno"; -+ sess.key = (void*)fake_key; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) -@@ -281,6 +287,7 @@ - get_cryptodev_digests(const int **cnids) - { - static int nids[CRYPTO_ALGORITHM_MAX]; -+ unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN]; - struct session_op sess; - int fd, i, count = 0; - -@@ -289,12 +296,12 @@ - return (0); - } - memset(&sess, 0, sizeof(sess)); -- sess.mackey = (caddr_t)"123456789abcdefghijklmno"; -+ sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; -- sess.mackeylen = digests[i].keylen; -+ sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) -@@ -382,14 +389,14 @@ - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; -- cryp.src = (caddr_t) in; -- cryp.dst = (caddr_t) out; -+ cryp.src = (void*) in; -+ cryp.dst = (void*) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { -- cryp.iv = (caddr_t) ctx->iv; -+ cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); -@@ -440,7 +447,7 @@ - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - -- sess->key = (caddr_t)key; -+ sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - -@@ -660,18 +667,6 @@ - } - - --static int --digest_key_length(int nid) --{ -- int i; -- -- for (i = 0; digests[i].id; i++) -- if (digests[i].nid == nid) -- return digests[i].keylen; -- return (0); --} -- -- - static int cryptodev_digest_init(EVP_MD_CTX *ctx) - { - struct dev_crypto_state *state = ctx->md_data; -@@ -682,7 +677,6 @@ - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } -- - memset(state, 0, sizeof(struct dev_crypto_state)); - - if ((state->d_fd = get_dev_crypto()) < 0) { -@@ -690,8 +684,8 @@ - return (0); - } - -- sess->mackey = state->dummy_mac_key; -- sess->mackeylen = digest_key_length(ctx->digest->type); -+ sess->mackey = NULL; -+ sess->mackeylen = 0; - sess->mac = digest; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { -@@ -707,8 +701,8 @@ - static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) - { -- struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; -+ struct crypt_op cryp; - struct session_op *sess = &state->d_sess; - - if (!data || state->d_fd < 0) { -@@ -717,7 +711,7 @@ - } - - if (!count) { -- return (0); -+ return (1); - } - - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { -@@ -740,9 +734,9 @@ - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = count; -- cryp.src = (caddr_t) data; -+ cryp.src = (void*) data; - cryp.dst = NULL; -- cryp.mac = (caddr_t) state->digest_res; -+ cryp.mac = (void*) state->digest_res; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_update: digest failed\n"); - return (0); -@@ -757,8 +751,6 @@ - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - -- int ret = 1; -- - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return(0); -@@ -772,7 +764,7 @@ - cryp.len = state->mac_len; - cryp.src = state->mac_data; - cryp.dst = NULL; -- cryp.mac = (caddr_t)md; -+ cryp.mac = (void*)md; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); - return (0); -@@ -783,7 +775,7 @@ - - memcpy(md, state->digest_res, ctx->digest->md_size); - -- return (ret); -+ return 1; - } - - -@@ -835,8 +827,8 @@ - - digest = digest_nid_to_cryptodev(to->digest->type); - -- sess->mackey = dstate->dummy_mac_key; -- sess->mackeylen = digest_key_length(to->digest->type); -+ sess->mackey = NULL; -+ sess->mackeylen = 0; - sess->mac = digest; - - dstate->d_fd = get_dev_crypto(); -@@ -861,34 +853,117 @@ - } - - --const EVP_MD cryptodev_sha1 = { -+static const EVP_MD cryptodev_sha1 = { - NID_sha1, -- NID_undef, -+ NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif - EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, -+ EVP_PKEY_RSA_method, - SHA_CBLOCK, -- sizeof(struct dev_crypto_state), -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha256 = { -+ NID_sha256, -+ NID_sha256WithRSAEncryption, -+ SHA256_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+static const EVP_MD cryptodev_sha224 = { -+ NID_sha224, -+ NID_sha224WithRSAEncryption, -+ SHA224_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA256_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha384 = { -+ NID_sha384, -+ NID_sha384WithRSAEncryption, -+ SHA384_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -+}; -+ -+static const EVP_MD cryptodev_sha512 = { -+ NID_sha512, -+ NID_sha512WithRSAEncryption, -+ SHA512_DIGEST_LENGTH, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif -+ EVP_MD_FLAG_ONESHOT, -+ cryptodev_digest_init, -+ cryptodev_digest_update, -+ cryptodev_digest_final, -+ cryptodev_digest_copy, -+ cryptodev_digest_cleanup, -+ EVP_PKEY_RSA_method, -+ SHA512_CBLOCK, -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; - --const EVP_MD cryptodev_md5 = { -+static const EVP_MD cryptodev_md5 = { - NID_md5, -- NID_undef, -+ NID_md5WithRSAEncryption, - 16 /* MD5_DIGEST_LENGTH */, -+#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT) -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE| -+ EVP_MD_FLAG_DIGALGID_ABSENT| -+#endif - EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, -- EVP_PKEY_NULL_method, -+ EVP_PKEY_RSA_method, - 64 /* MD5_CBLOCK */, -- sizeof(struct dev_crypto_state), -+ sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), - }; - - #endif /* USE_CRYPTODEV_DIGESTS */ -@@ -909,6 +984,18 @@ - case NID_sha1: - *digest = &cryptodev_sha1; - break; -+ case NID_sha224: -+ *digest = &cryptodev_sha224; -+ break; -+ case NID_sha256: -+ *digest = &cryptodev_sha256; -+ break; -+ case NID_sha384: -+ *digest = &cryptodev_sha384; -+ break; -+ case NID_sha512: -+ *digest = &cryptodev_sha512; -+ break; - default: - #endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; -@@ -940,7 +1027,7 @@ - return (1); - memset(b, 0, bytes); - -- crp->crp_p = (caddr_t) b; -+ crp->crp_p = (void*) b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { -@@ -1193,7 +1280,7 @@ - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1233,7 +1320,7 @@ - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ -- kop.crk_param[0].crp_p = (caddr_t)dgst; -+ kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; -@@ -1311,9 +1398,10 @@ - goto err; - kop.crk_iparams = 3; - -- kop.crk_param[3].crp_p = (caddr_t) key; -- kop.crk_param[3].crp_nbits = keylen * 8; -+ kop.crk_param[3].crp_p = (void*) key; -+ kop.crk_param[3].crp_nbits = keylen; - kop.crk_oparams = 1; -+ dhret = keylen/8; - - if (ioctl(fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); -@@ -1385,7 +1473,7 @@ - put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || -- !ENGINE_set_name(engine, "BSD cryptodev engine") || -+ !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || diff --git a/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch b/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch deleted file mode 100644 index 855e4fe..0000000 --- a/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch +++ /dev/null @@ -1,340 +0,0 @@ -Submitted By: Armin K. <krejzi at email dot com> -Date: 2013-05-05 -Initial Package Version: 1.0.1e -Upstream Status: Unknown -Origin: https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl -Description: Fixes build with make -jx, where x is greater than 1. - ---- a/crypto/Makefile 2013-02-11 16:26:04.000000000 +0100 -+++ b/crypto/Makefile 2013-05-05 20:06:34.872208113 +0200 -@@ -86,11 +86,11 @@ - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -- @target=files; $(RECURSIVE_MAKE) -+ +@target=files; $(RECURSIVE_MAKE) - - links: - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -101,7 +101,7 @@ - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) | subdirs - $(AR) $(LIB) $(LIBOBJ) - [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -@@ -112,7 +112,7 @@ - fi - - libs: -- @target=lib; $(RECURSIVE_MAKE) -+ +@target=lib; $(RECURSIVE_MAKE) - - install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -121,7 +121,7 @@ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - lint: - @target=lint; $(RECURSIVE_MAKE) ---- a/engines/Makefile 2013-02-11 16:26:04.000000000 +0100 -+++ b/engines/Makefile 2013-05-05 20:06:34.872208113 +0200 -@@ -72,7 +72,7 @@ - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) | subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ +@target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -@@ -128,7 +128,7 @@ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi -- @target=install; $(RECURSIVE_MAKE) -+ +@target=install; $(RECURSIVE_MAKE) - - tags: - ctags $(SRC) ---- a/Makefile.org 2013-02-11 16:26:04.000000000 +0100 -+++ b/Makefile.org 2013-05-05 20:06:34.862207917 +0200 -@@ -273,17 +273,17 @@ - build_libs: build_crypto build_ssl build_engines - - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -- @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -- @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -- @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -- @dir=test; target=all; $(BUILD_ONE_CMD) --build_tools: -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ +@dir=crypto; target=all; $(BUILD_ONE_CMD) -+build_ssl: build_crypto -+ +@dir=ssl; target=all; $(BUILD_ONE_CMD) -+build_engines: build_crypto -+ +@dir=engines; target=all; $(BUILD_ONE_CMD) -+build_apps: build_libs -+ +@dir=apps; target=all; $(BUILD_ONE_CMD) -+build_tests: build_libs -+ +@dir=test; target=all; $(BUILD_ONE_CMD) -+build_tools: build_libs -+ +@dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -537,9 +537,9 @@ - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: install_docs install_sw - --install_sw: -+install_dirs: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -@@ -548,12 +548,19 @@ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ @$(PERL) $(TOP)/util/mkdir-p.pl \ -+ $(INSTALL_PREFIX)$(MANDIR)/man1 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man3 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man5 \ -+ $(INSTALL_PREFIX)$(MANDIR)/man7 -+ -+install_sw: install_dirs - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; -- @set -e; target=install; $(RECURSIVE_BUILD_CMD) -+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ -@@ -633,12 +640,7 @@ - done; \ - done - --install_docs: -- @$(PERL) $(TOP)/util/mkdir-p.pl \ -- $(INSTALL_PREFIX)$(MANDIR)/man1 \ -- $(INSTALL_PREFIX)$(MANDIR)/man3 \ -- $(INSTALL_PREFIX)$(MANDIR)/man5 \ -- $(INSTALL_PREFIX)$(MANDIR)/man7 -+install_docs: install_dirs - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ ---- a/Makefile.shared 2013-02-11 16:26:04.000000000 +0100 -+++ b/Makefile.shared 2013-05-05 20:06:34.872208113 +0200 -@@ -105,6 +105,7 @@ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ -@@ -122,6 +123,7 @@ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ -+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ - ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ - fi; \ ---- a/test/Makefile 2013-02-11 16:26:04.000000000 +0100 -+++ b/test/Makefile 2013-05-05 20:06:34.872208113 +0200 -@@ -124,7 +124,7 @@ - tags: - ctags $(SRC) - --tests: exe apps $(TESTS) -+tests: exe $(TESTS) - - apps: - @(cd ..; $(MAKE) DIRS=apps all) -@@ -365,109 +365,109 @@ - link_app.$${shlib_target} - - $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) -- @target=$(RSATEST); $(BUILD_CMD) -+ +@target=$(RSATEST); $(BUILD_CMD) - - $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) -- @target=$(BNTEST); $(BUILD_CMD) -+ +@target=$(BNTEST); $(BUILD_CMD) - - $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) -- @target=$(ECTEST); $(BUILD_CMD) -+ +@target=$(ECTEST); $(BUILD_CMD) - - $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) -- @target=$(EXPTEST); $(BUILD_CMD) -+ +@target=$(EXPTEST); $(BUILD_CMD) - - $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) -- @target=$(IDEATEST); $(BUILD_CMD) -+ +@target=$(IDEATEST); $(BUILD_CMD) - - $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) -- @target=$(MD2TEST); $(BUILD_CMD) -+ +@target=$(MD2TEST); $(BUILD_CMD) - - $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) -- @target=$(SHATEST); $(BUILD_CMD) -+ +@target=$(SHATEST); $(BUILD_CMD) - - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) -- @target=$(SHA1TEST); $(BUILD_CMD) -+ +@target=$(SHA1TEST); $(BUILD_CMD) - - $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) -- @target=$(SHA256TEST); $(BUILD_CMD) -+ +@target=$(SHA256TEST); $(BUILD_CMD) - - $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) -- @target=$(SHA512TEST); $(BUILD_CMD) -+ +@target=$(SHA512TEST); $(BUILD_CMD) - - $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) -- @target=$(RMDTEST); $(BUILD_CMD) -+ +@target=$(RMDTEST); $(BUILD_CMD) - - $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) -- @target=$(MDC2TEST); $(BUILD_CMD) -+ +@target=$(MDC2TEST); $(BUILD_CMD) - - $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) -- @target=$(MD4TEST); $(BUILD_CMD) -+ +@target=$(MD4TEST); $(BUILD_CMD) - - $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) -- @target=$(MD5TEST); $(BUILD_CMD) -+ +@target=$(MD5TEST); $(BUILD_CMD) - - $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) -- @target=$(HMACTEST); $(BUILD_CMD) -+ +@target=$(HMACTEST); $(BUILD_CMD) - - $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) -- @target=$(WPTEST); $(BUILD_CMD) -+ +@target=$(WPTEST); $(BUILD_CMD) - - $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) -- @target=$(RC2TEST); $(BUILD_CMD) -+ +@target=$(RC2TEST); $(BUILD_CMD) - - $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) -- @target=$(BFTEST); $(BUILD_CMD) -+ +@target=$(BFTEST); $(BUILD_CMD) - - $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) -- @target=$(CASTTEST); $(BUILD_CMD) -+ +@target=$(CASTTEST); $(BUILD_CMD) - - $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) -- @target=$(RC4TEST); $(BUILD_CMD) -+ +@target=$(RC4TEST); $(BUILD_CMD) - - $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) -- @target=$(RC5TEST); $(BUILD_CMD) -+ +@target=$(RC5TEST); $(BUILD_CMD) - - $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) -- @target=$(DESTEST); $(BUILD_CMD) -+ +@target=$(DESTEST); $(BUILD_CMD) - - $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) -- @target=$(RANDTEST); $(BUILD_CMD) -+ +@target=$(RANDTEST); $(BUILD_CMD) - - $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) -- @target=$(DHTEST); $(BUILD_CMD) -+ +@target=$(DHTEST); $(BUILD_CMD) - - $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) -- @target=$(DSATEST); $(BUILD_CMD) -+ +@target=$(DSATEST); $(BUILD_CMD) - - $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) -- @target=$(METHTEST); $(BUILD_CMD) -+ +@target=$(METHTEST); $(BUILD_CMD) - - $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) -- @target=$(SSLTEST); $(FIPS_BUILD_CMD) -+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) - - $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) -- @target=$(ENGINETEST); $(BUILD_CMD) -+ +@target=$(ENGINETEST); $(BUILD_CMD) - - $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) -- @target=$(EVPTEST); $(BUILD_CMD) -+ +@target=$(EVPTEST); $(BUILD_CMD) - - $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) -- @target=$(ECDSATEST); $(BUILD_CMD) -+ +@target=$(ECDSATEST); $(BUILD_CMD) - - $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) -- @target=$(ECDHTEST); $(BUILD_CMD) -+ +@target=$(ECDHTEST); $(BUILD_CMD) - - $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) -- @target=$(IGETEST); $(BUILD_CMD) -+ +@target=$(IGETEST); $(BUILD_CMD) - - $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) -- @target=$(JPAKETEST); $(BUILD_CMD) -+ +@target=$(JPAKETEST); $(BUILD_CMD) - - $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) -- @target=$(ASN1TEST); $(BUILD_CMD) -+ +@target=$(ASN1TEST); $(BUILD_CMD) - - $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) -- @target=$(SRPTEST); $(BUILD_CMD) -+ +@target=$(SRPTEST); $(BUILD_CMD) - - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -480,7 +480,7 @@ - # fi - - dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) -- @target=dummytest; $(BUILD_CMD) -+ +@target=dummytest; $(BUILD_CMD) - - # DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/src/patches/openssl-1.0.1e-rpmbuild.patch b/src/patches/openssl-1.0.1e-rpmbuild.patch new file mode 100644 index 0000000..b01520e --- /dev/null +++ b/src/patches/openssl-1.0.1e-rpmbuild.patch @@ -0,0 +1,63 @@ +diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure +--- openssl-1.0.1e/Configure.rpmbuild 2014-08-13 19:19:53.211005598 +0200 ++++ openssl-1.0.1e/Configure 2014-08-13 19:29:21.704099285 +0200 +@@ -1675,7 +1676,7 @@ while (<IN>) + elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/) + { +diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org +--- openssl-1.0.1e/Makefile.org.rpmbuild 2013-02-11 16:26:04.000000000 +0100 ++++ openssl-1.0.1e/Makefile.org 2014-08-13 19:19:53.218005759 +0200 +@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= + SHLIB_MAJOR= + SHLIB_MINOR= + SHLIB_EXT= ++SHLIB_SONAMEVER=10 + PLATFORM=dist + OPTIONS= + CONFIGURE_ARGS= +@@ -333,10 +334,9 @@ clean-shared: + link-shared: + @ set -e; for i in $(SHLIBDIRS); do \ + $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ +- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ ++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + symlink.$(SHLIB_TARGET); \ +- libs="$$libs -l$$i"; \ + done + + build-shared: do_$(SHLIB_TARGET) link-shared +@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET): + libs="$(LIBKRB5) $$libs"; \ + fi; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ +- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ ++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + LIBDEPS="$$libs $(EX_LIBS)" \ + link_a.$(SHLIB_TARGET); \ +--- a/Configure.old 2015-03-19 18:10:45.101201021 +0000 ++++ b/Configure 2015-03-19 18:11:19.324547495 +0000 +@@ -345,14 +345,14 @@ + #### + # *-generic* is endian-neutral target, but ./config is free to + # throw in -D[BL]_ENDIAN, whichever appropriate... +-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_SONAMEVER)", + "linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", + # It's believed that majority of ARM toolchains predefine appropriate -march. + # If you compiler does not, do complement config command line with one! + "linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", + #### IA-32 targets... + "linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_SONAMEVER)", + "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", + #### + "linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", diff --git a/src/patches/openssl-1.0.1e-weak-ciphers.patch b/src/patches/openssl-1.0.1e-weak-ciphers.patch deleted file mode 100644 index 8657345..0000000 --- a/src/patches/openssl-1.0.1e-weak-ciphers.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h ---- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100 -+++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100 -@@ -331,7 +331,7 @@ extern "C" { - /* The following cipher list is used by default. - * It also is substituted when an application-defined cipher list string - * starts with 'DEFAULT'. */ --#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" -+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" - /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always - * starts with a reasonable order, and all we have to do for DEFAULT is - * throwing out anonymous and unencrypted ciphersuites! diff --git a/src/patches/openssl-1.0.1m-weak-ciphers.patch b/src/patches/openssl-1.0.1m-weak-ciphers.patch new file mode 100644 index 0000000..f57b978 --- /dev/null +++ b/src/patches/openssl-1.0.1m-weak-ciphers.patch @@ -0,0 +1,11 @@ +--- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100 ++++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100 +@@ -334,7 +334,7 @@ + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES" + /* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch index ebf5429..e42dfac 100644 --- a/src/patches/openssl-disable-sslv2-sslv3.patch +++ b/src/patches/openssl-disable-sslv2-sslv3.patch @@ -1,13 +1,12 @@ -diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c ---- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200 -+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200 -@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - -+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */ -+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; -+ - return(ret); - err: - SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); +--- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100 ++++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100 +@@ -1892,6 +1892,9 @@ + */ + ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + ++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */ ++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; ++ + return (ret); + err: + SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
hooks/post-receive -- IPFire 2.x development tree