SF.net SVN: gar:[22967] csw/mgar/pkg/openssl1/trunk
chninkel at users.sourceforge.net
chninkel at users.sourceforge.net
Fri Feb 7 21:34:34 CET 2014
Revision: 22967
http://sourceforge.net/p/gar/code/22967
Author: chninkel
Date: 2014-02-07 20:34:33 +0000 (Fri, 07 Feb 2014)
Log Message:
-----------
openssl1/trunk: add the wanboot patch even if we don't enable it as the pkcs11 engine patch depends on it
Modified Paths:
--------------
csw/mgar/pkg/openssl1/trunk/Makefile
Added Paths:
-----------
csw/mgar/pkg/openssl1/trunk/files/openssl-1.0.1f-wanboot.patch
csw/mgar/pkg/openssl1/trunk/files/update-wanboot-patch.sh
Modified: csw/mgar/pkg/openssl1/trunk/Makefile
===================================================================
--- csw/mgar/pkg/openssl1/trunk/Makefile 2014-02-07 20:26:05 UTC (rev 22966)
+++ csw/mgar/pkg/openssl1/trunk/Makefile 2014-02-07 20:34:33 UTC (rev 22967)
@@ -129,6 +129,9 @@
# support for pkcs11 engine http://blogs.sun.com/chichang1/entry/how_to_integrate_pkcs11_engine
ifneq ($(shell /usr/bin/uname -r),5.9)
+ # The upstream pkcs11 engine patch depends on the wanboot one
+ # so we will apply the wanboot patch even if we will not enable wanboot
+ PATCHFILES += openssl-1.0.1f-wanboot.patch
PATCHFILES += openssl-1.0.1f-pkcs11-engine.patch
ENGINES += pk11
endif
Added: csw/mgar/pkg/openssl1/trunk/files/openssl-1.0.1f-wanboot.patch
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/openssl-1.0.1f-wanboot.patch (rev 0)
+++ csw/mgar/pkg/openssl1/trunk/files/openssl-1.0.1f-wanboot.patch 2014-02-07 20:34:33 UTC (rev 22967)
@@ -0,0 +1,497 @@
+--- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800
++++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700
+@@ -138,7 +138,13 @@
+
+ BASEADDR=
+
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS= crypto ssl
++else
+ DIRS= crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+--- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800
++++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700
+@@ -137,7 +137,13 @@
+
+ BASEADDR=0xFB00000
+
++# For wanboot, we only need crypto and ssl.
++# 'apps' are not patched to work in stand-alone environment anyway.
++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
++DIRS= crypto ssl
++else
+ DIRS= crypto ssl engines apps test tools
++endif
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+
+--- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800
+@@ -900,6 +900,10 @@
+ MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
+ }
+ #else
++/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since
++ * * OPENSSL_showfatal() is not used anywhere else then here we can safely use
++ * * the code from 0.9.7d version. */
++#ifndef _BOOT
+ void OPENSSL_showfatal (const char *fmta,...)
+ { va_list ap;
+
+@@ -907,14 +911,21 @@
+ vfprintf (stderr,fmta,ap);
+ va_end (ap);
+ }
++#endif /* _BOOT */
+ int OPENSSL_isservice (void) { return 0; }
+ #endif
+
+ void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
++#ifndef _BOOT
+ OPENSSL_showfatal(
+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
++#else
++ fprintf(stderr,
++ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
++ file,line,assertion);
++#endif
+ #if !defined(_WIN32) || defined(__CYGWIN__)
+ abort();
+ #else
+--- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800
+@@ -148,7 +148,9 @@
+ ERR_load_X509V3_strings();
+ ERR_load_PKCS12_strings();
+ ERR_load_RAND_strings();
++#ifndef _BOOT
+ ERR_load_DSO_strings();
++#endif /* _BOOT */
+ ERR_load_TS_strings();
+ #ifndef OPENSSL_NO_ENGINE
+ ERR_load_ENGINE_strings();
+--- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800
+@@ -84,7 +84,7 @@
+ else
+ return(prompt_string);
+ }
+-
++#ifndef _BOOT
+ /* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
+@@ -111,6 +111,7 @@
+ OPENSSL_cleanse(buff,BUFSIZ);
+ return ret;
+ }
++#endif /* !_BOOT */
+
+ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data, int datal,
+--- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800
+@@ -122,7 +122,11 @@
+ #include <sys/time.h>
+ #include <sys/times.h>
+ #include <sys/stat.h>
++#ifdef _BOOT
++#include <sys/fcntl.h>
++#else
+ #include <fcntl.h>
++#endif
+ #include <unistd.h>
+ #include <time.h>
+ #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
+@@ -253,6 +257,11 @@
+ const char **egdsocket = NULL;
+ #endif
+
++#ifdef _BOOT
++/* open() is provided by standalone libsa not visible from here */
++extern int open(const char *, int);
++#endif
++
+ #ifdef DEVRANDOM
+ memset(randomstats,0,sizeof(randomstats));
+ /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+@@ -295,9 +304,13 @@
+ {
+ int try_read = 0;
+
+-#if defined(OPENSSL_SYS_BEOS_R5)
++#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
+ /* select() is broken in BeOS R5, so we simply
+ * try to read something and snooze if we couldn't */
++ /*
++ * select() is not available when linking stand-alone
++ * library for wanboot
++ */
+ try_read = 1;
+
+ #elif defined(OPENSSL_SYS_LINUX)
+@@ -355,6 +368,7 @@
+ else
+ r = -1;
+
++#ifndef _BOOT
+ /* Some Unixen will update t in select(), some
+ won't. For those who won't, or if we
+ didn't use select() in the first place,
+@@ -366,13 +380,17 @@
+ }
+ while ((r > 0 ||
+ (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
++#else /* _BOOT */
++ }
++ while (r > 0 && n < ENTROPY_NEEDED);
++#endif /* _BOOT */
+
+ close(fd);
+ }
+ }
+ #endif /* defined(DEVRANDOM) */
+
+-#ifdef DEVRANDOM_EGD
++#if defined(DEVRANDOM_EGD) && !defined(_BOOT)
+ /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+ * collecting daemon. */
+
+@@ -395,6 +413,7 @@
+ }
+ #endif
+
++#ifndef _BOOT
+ /* put in some default random data, we need more than just this */
+ l=curr_pid;
+ RAND_add(&l,sizeof(l),0.0);
+@@ -403,6 +422,7 @@
+
+ l=time(NULL);
+ RAND_add(&l,sizeof(l),0.0);
++#endif /* !_BOOT */
+
+ #if defined(OPENSSL_SYS_BEOS)
+ {
+
+--- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800
+@@ -57,9 +57,11 @@
+ */
+
+ /* We need to define this to get macros like S_IFBLK and S_IFCHR */
++#ifndef _BOOT
+ #if !defined(OPENSSL_SYS_VXWORKS)
+ #define _XOPEN_SOURCE 500
+ #endif
++#endif /* _BOOT */
+
+ #include <errno.h>
+ #include <stdio.h>
+--- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800
+@@ -659,9 +659,52 @@
+ }
+ }
+
++#if defined(_BOOT)
++/* This function was copied from bio/b_sock.c */
++static int get_ip(const char *str, unsigned char ip[4])
++ {
++ unsigned int tmp[4];
++ int num=0,c,ok=0;
++
++ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
++
++ for (;;)
++ {
++ c= *(str++);
++ if ((c >= '0') && (c <= '9'))
++ {
++ ok=1;
++ tmp[num]=tmp[num]*10+c-'0';
++ if (tmp[num] > 255) return(0);
++ }
++ else if (c == '.')
++ {
++ if (!ok) return(-1);
++ if (num == 3) return(0);
++ num++;
++ ok=0;
++ }
++ else if (c == '\0' && (num == 3) && ok)
++ break;
++ else
++ return(0);
++ }
++ ip[0]=tmp[0];
++ ip[1]=tmp[1];
++ ip[2]=tmp[2];
++ ip[3]=tmp[3];
++ return(1);
++ }
++#endif /* _BOOT */
++
+ static int ipv4_from_asc(unsigned char *v4, const char *in)
+ {
+ int a0, a1, a2, a3;
++
++#if defined(_BOOT)
++ if (get_ip(in, v4) != 1)
++ return 0;
++#else /* _BOOT */
+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+ return 0;
+ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+@@ -671,6 +716,7 @@
+ v4[1] = a1;
+ v4[2] = a2;
+ v4[3] = a3;
++#endif /* _BOOT */
+ return 1;
+ }
+
+--- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800
++++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800
+@@ -206,10 +206,19 @@
+ #define get_last_socket_error() errno
+ #define clear_socket_error() errno=0
+ #define ioctlsocket(a,b,c) ioctl(a,b,c)
++#ifdef _BOOT
++#include <netinet/in.h>
++extern int socket_read(int, void *, size_t, int);
++extern int socket_close(int);
++#define closesocket(s) socket_close(s)
++#define readsocket(s,b,n) socket_read((s),(b),(n), 200)
++#define writesocket(s,b,n) send((s),(b),(n), 0)
++#else /* !_BOOT */
+ #define closesocket(s) close(s)
+ #define readsocket(s,b,n) read((s),(b),(n))
+ #define writesocket(s,b,n) write((s),(b),(n))
+ #endif
++#endif
+
+ #ifdef WIN16 /* never the case */
+ # define MS_CALLBACK _far _loadds
+--- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800
+@@ -12,7 +12,11 @@
+ #define SPARCV9_VIS2 (1<<3) /* reserved */
+ #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */
+
++#ifndef _BOOT
+ static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
++#else
++static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++#endif
+
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+ {
+@@ -33,6 +37,7 @@
+ void _sparcv9_vis2_probe(void);
+ void _sparcv9_fmadd_probe(void);
+
++#ifndef _BOOT
+ unsigned long OPENSSL_rdtsc(void)
+ {
+ if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
+@@ -44,8 +49,19 @@
+ else
+ return _sparcv9_rdtick();
+ }
++#endif
++
++#if defined(_BOOT)
++/*
++ * Hardcoding sparc capabilities for wanboot.
++ * Older CPUs are EOLed anyway.
++ */
++void OPENSSL_cpuid_setup(void)
++ {
++ OPENSSL_sparcv9cap_P = SPARCV9_VIS1;
++ }
+
+-#if 0 && defined(__sun) && defined(__SVR4)
++#elif 0 && defined(__sun) && defined(__SVR4)
+ /* This code path is disabled, because of incompatibility of
+ * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
+ */
+--- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700
++++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800
+@@ -397,6 +397,11 @@
+ .type OPENSSL_cleanse,#function
+ .size OPENSSL_cleanse,.-OPENSSL_cleanse
+
++#ifndef _BOOT
+ .section ".init",#alloc,#execinstr
+ call OPENSSL_cpuid_setup
+ nop
++#else
++ nop
++ nop
++#endif
+--- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012
++++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012
+@@ -35,9 +35,9 @@
+ LIB= $(TOP)/libcrypto.a
+ SHARED_LIB= libcrypto$(SHLIB_EXT)
+ LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
++ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c
+ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
+- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
++ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ)
+
+ SRC= $(LIBSRC)
+
+--- openssl-1.0.1f/ssl/s3_clnt.c Thu Jan 30 02:53:33 2014
++++ openssl-1.0.1f/ssl/s3_clnt.c.new Thu Jan 30 02:57:51 2014
+@@ -681,8 +681,13 @@
+
+ p=s->s3->client_random;
+
++#ifndef _BOOT
+ if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
+ goto err;
++#else
++ if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
++ goto err;
++#endif
+
+ /* Do the message type and length last */
+ d=p= &(buf[4]);
+Index: crypto//wanboot-stubs.c
+===================================================================
+diff -uNr openssl-1.0.1f/engines/wanboot-stubs.c openssl-1.0.1f/engines/wanboot-stubs.c
+--- openssl-1.0.1f/engines/wanboot-stubs.c 1970-01-01 01:00:00.000000000 +0100
++++ openssl-1.0.1f/engines/wanboot-stubs.c 2014-02-07 21:31:24.%N +0100
+@@ -0,0 +1,122 @@
++/*
++ * CDDL HEADER START
++ *
++ * The contents of this file are subject to the terms of the
++ * Common Development and Distribution License (the "License").
++ * You may not use this file except in compliance with the License.
++ *
++ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
++ * or http://www.opensolaris.org/os/licensing.
++ * See the License for the specific language governing permissions
++ * and limitations under the License.
++ *
++ * When distributing Covered Code, include this CDDL HEADER in each
++ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
++ * If applicable, add the following below this CDDL HEADER, with the
++ * fields enclosed by brackets "[]" replaced with your own identifying
++ * information: Portions Copyright [yyyy] [name of copyright owner]
++ *
++ * CDDL HEADER END
++ */
++/*
++ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
++ */
++
++/* Content of this file is only needed for wanboot. */
++#ifdef _BOOT
++
++#include <sys/types.h>
++#include <dirent.h>
++#include <errno.h>
++#include <stddef.h>
++
++/*
++ * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui"
++ * routines of 0.9.7, which is not compiled in the standalone, so it is
++ * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere.
++ */
++/* ARGSUSED */
++int
++EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int
++ verify)
++{
++ return (-1); /* failure */
++}
++
++/*
++ * In standalone issetugid() is always false.
++ */
++int
++OPENSSL_issetugid(void)
++{
++ return (1);
++}
++
++/*
++ * Directory routines -- currently, the only consumer of these interfaces
++ * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the
++ * case of failure, so we just fail opendir() and stub out the rest. At
++ * some point, we may need to provide a real implementation.
++ */
++/* ARGSUSED */
++DIR *
++opendir(const char *dirname)
++{
++ errno = EACCES;
++ return (NULL);
++}
++
++/* ARGSUSED */
++struct dirent *
++readdir(DIR *dirp)
++{
++ return (NULL);
++}
++
++/* ARGSUSED */
++int
++closedir(DIR *dirp)
++{
++ return (0);
++}
++
++/*
++ * Atoi is used on multiple places in libcrypto.
++ * This implementation is taken from stand-alone libsock library:
++ * usr/src/stand/lib/sock/sock_test.c
++ * Alternative solution: just extern it here, wanboot has -lsock anyway.
++ */
++#ifndef isdigit
++#define isdigit(c) ((c) >= '0' && (c) <= '9')
++#endif
++
++#ifndef isspace
++#define isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \
++ (c) == '\r' || (c) == '\f' || (c) == '\013')
++#endif
++int
++atoi(const char *p)
++{
++ int n;
++ int c = *p++, neg = 0;
++
++ while (isspace(c)) {
++ c = *p++;
++ }
++ if (!isdigit(c)) {
++ switch (c) {
++ case '-':
++ neg++;
++ /* FALLTHROUGH */
++ case '+':
++ c = *p++;
++ }
++ }
++ for (n = 0; isdigit(c); c = *p++) {
++ n *= 10; /* two steps to avoid unnecessary overflow */
++ n += '0' - c; /* accum neg to avoid surprises at MAX */
++ }
++ return (neg ? n : -n);
++}
++
++#endif /* _BOOT */
Added: csw/mgar/pkg/openssl1/trunk/files/update-wanboot-patch.sh
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/update-wanboot-patch.sh (rev 0)
+++ csw/mgar/pkg/openssl1/trunk/files/update-wanboot-patch.sh 2014-02-07 20:34:33 UTC (rev 22967)
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# update-wanboot-patch - retrieve the last wanboot patch from
+# hg.openindiana.org repository
+#
+
+WANBOOT_FILES="wanboot-stubs.c"
+SOURCE_URL="http://buildfarm.opencsw.org/source/raw/solaris-userland/components/openssl/openssl-1.0.1/"
+WGET_OPTIONS="--quiet"
+
+
+if [[ -z "$1" ]]; then
+ echo "Usage: update-wanboot-patch.sh OPENSSL_VERSION"
+ exit 1
+fi
+
+VERSION="$1"
+PATCH_FILE="openssl-${VERSION}-wanboot.patch"
+PATCH_DATE=$(date +"%Y-%m-%d %H:%M:%S.%N %z")
+
+echo "Updating wanboot engine patch from ${SOURCE_URL}..."
+(
+ # ar in in /usr/ccs/bin under Solaris 9 and 10 so we change the path
+ wget $WGET_OPTIONS --output-document=- ${SOURCE_URL}/patches/30_wanboot.patch | \
+
+ gsed -e 's/\/usr\/bin\/ar/\/usr\/ccs\/bin\/ar/g'
+
+ # in the repository, the new files are not part of the patch, but we merge them
+ # in a single patch
+ for FILE in $WANBOOT_FILES; do \
+
+ wget $WGET_OPTIONS --output-document="${PATCH_FILE}.tmp" "${SOURCE_URL}/wanboot-openssl/$FILE"
+ NB_LINES=$(wc -l "${PATCH_FILE}.tmp" | awk '{ print $1 }')
+
+ echo "Index: crypto/$DIR/$FILE"
+ echo "==================================================================="
+ echo "diff -uNr openssl-${VERSION}/engines/$FILE openssl-${VERSION}/engines/$FILE"
+ echo "--- openssl-${VERSION}/engines/$FILE 1970-01-01 01:00:00.000000000 +0100"
+ echo "+++ openssl-${VERSION}/engines/$FILE ${PATCH_DATE}"
+ echo "@@ -0,0 +1,${NB_LINES} @@"
+ sed -e 's/^/+/' "${PATCH_FILE}.tmp"
+ done
+) > "${PATCH_FILE}"
+
+rm -f "${PATCH_FILE}.tmp"
+echo "Updated patch in ${PATCH_FILE}"
+
+
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the devel
mailing list