author | Sowrabha H G<sowrabha.hg@oracle.com> |
Wed, 15 Jul 2015 08:08:35 -0700 | |
branch | s11u2-sru |
changeset 4650 | 7a924b284d8d |
parent 3490 | 026457ca5815 |
permissions | -rw-r--r-- |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
1 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
2 |
# CDDL HEADER START |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
3 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
4 |
# The contents of this file are subject to the terms of the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
5 |
# Common Development and Distribution License (the "License"). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
6 |
# You may not use this file except in compliance with the License. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
7 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
8 |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
9 |
# or http://www.opensolaris.org/os/licensing. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
10 |
# See the License for the specific language governing permissions |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
11 |
# and limitations under the License. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
12 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
13 |
# When distributing Covered Code, include this CDDL HEADER in each |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
14 |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
15 |
# If applicable, add the following below this CDDL HEADER, with the |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
16 |
# fields enclosed by brackets "[]" replaced with your own identifying |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
17 |
# information: Portions Copyright [yyyy] [name of copyright owner] |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
18 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
19 |
# CDDL HEADER END |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
20 |
# |
2930
4177d9c0b142
17361355 Remove devcrypto engine
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
2921
diff
changeset
|
21 |
# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
22 |
# |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
23 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
24 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
25 |
Build Layout |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
26 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
27 |
|
2921
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2717
diff
changeset
|
28 |
OpenSSL build is run four times. Once for regular dynamic 1.0.1 non-fips, once |
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2717
diff
changeset
|
29 |
for static 1.0.1 bits to link with standalone wanboot binary, once for 1.0.1 |
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2717
diff
changeset
|
30 |
fips-140, and once for 1.0.1 FIPS-140 canister (in the openssl-fips component) |
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2717
diff
changeset
|
31 |
needed to build 1.0.1 FIPS-140 certified libraries. All builds apart from |
745
09fd85317532
7141635 Deliver wanboot-openssl.o for wanboot
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
426
diff
changeset
|
32 |
static libraries for wanboot are done for 32 and 64 bits. So, in total, OpenSSL |
3490
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
33 |
is built seven times. OpenSSL for wanboot is only built on sparc. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
34 |
|
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
35 |
See also comments in all the Makefiles for more information. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
36 |
|
2674
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
37 |
OpenSSL Version |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
38 |
--- |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
39 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
40 |
For non-FIPS build, we currently deliver OpenSSL 1.0.1 with some updates |
2674
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
41 |
from OpenSSL 1.0.2 to make T4 instructions embedded in the OpenSSL |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
42 |
upstream code. As of April 2013, 1.0.2 is not yet released, and therefore, |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
43 |
we have decided to patch the code. |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
44 |
The following files/code are copied in from 1.0.2. |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
45 |
added: |
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
46 |
components/openssl/openssl-1.0.1/inline-t4/aest4-sparcv9.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
47 |
components/openssl/openssl-1.0.1/inline-t4/dest4-sparcv9.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
48 |
components/openssl/openssl-1.0.1/inline-t4/md5-sparcv9.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
49 |
components/openssl/openssl-1.0.1/inline-t4/sparc_arch.h |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
50 |
components/openssl/openssl-1.0.1/inline-t4/sparct4-mont.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
51 |
components/openssl/openssl-1.0.1/inline-t4/sparcv9_modes.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
52 |
components/openssl/openssl-1.0.1/inline-t4/sparcv9-gf2m.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
53 |
components/openssl/openssl-1.0.1/inline-t4/vis3-mont.pl |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
54 |
components/openssl/openssl-1.0.1/patches/openssl-t4-inline.sparc-patch |
2674
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
55 |
|
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
56 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
57 |
The non-fips Build. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
58 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
59 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
60 |
The non-fips build is the main build of OpenSSL and includes the regular |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
61 |
binaries, libraries, man pages, and header files. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
62 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
63 |
Patches |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
64 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
65 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
66 |
08-6193522.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
67 |
Give CA.pl better defaults. See 6193522 for more information. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
68 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
69 |
11-6546806.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
70 |
Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
71 |
more information. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
72 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
73 |
14-manpage_openssl.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
74 |
Force openssl to install man pages into man[1357]openssl instead of man[1357]. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
75 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
76 |
15-pkcs11_engine-0.9.8a.patch |
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
77 |
Patch which adds the pkcs11 engine. See also the engines/pkcs11 |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
78 |
sub-directory. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
79 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
80 |
18-compiler_opts.patch |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
81 |
Adds five Solaris specific configurations (both 32bit and 64bit for both sparc |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
82 |
and x86, plus 64bit sparc for wanboot) to Configure which are then explicitly |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
83 |
used by the Makefiles. Wanboot configuration is special in that it doesn't link |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
84 |
with libc and uses -xF=%all to put functions in separate sections, so that |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
85 |
unused code can be discarded. |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
86 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
87 |
Care should be taken if modifying this patch as changes to compile-time options |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
88 |
can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
89 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
90 |
20-remove_rpath.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
91 |
Prevent build binaries having an unnecessary runpath (/lib). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
92 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
93 |
23-noexstack.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
94 |
Build with non-executable stacks and non-executable data (x86). |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
95 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
96 |
27-6978791.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
97 |
Modifies Makefile.shared so that libssl is built with -znodelete. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
98 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
99 |
28-enginesdir.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
100 |
Adds a new "enginesdir" option to the Configure script which allows a user to |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
101 |
specify the engines directory. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
102 |
|
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
103 |
30_wanboot.patch: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
104 |
Wanboot specific patches. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
105 |
- modified Makefiles not to build in engines apps test tools |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
106 |
- not using vfprintf for error print in crypto/cryptlib.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
107 |
- not using ERR_load_DSO_strings() in crypto/err/err_all.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
108 |
- not using EVP_read_pw_string() in crypto/evp/evp_key.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
109 |
- reading password is implemented in disabled DES library |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
110 |
- avoid select() in crypto/rand/rand_unix.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
111 |
- direct reading of IP to avoid sscanf() in crypto/x509v3/v3_utl.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
112 |
- using functions from libsock in e_os.h |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
113 |
- by-passing version of sparc detection in crypto/sparcv9cap.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
114 |
- results in not using FPU for big numbers multiplication |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
115 |
- should be ok - original detection seems broken, FPU gets never used |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
116 |
- implementation of atoi() |
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
117 |
- avoid using ssl_fill_hello_random() in s3_clnt.c |
419
a926b383669b
7025650 Default 32-bit /usr/bin/openssl hurts performance on 64-bit amd64 and sparcv9
Dan Anderson <dan.anderson@oracle.com>
parents:
363
diff
changeset
|
118 |
|
3217
6c32d6df504a
17283726 memory leak with EVP_CipherInit_ex
Ronald Jordan <ron.jordan@oracle.com>
parents:
2931
diff
changeset
|
119 |
36_evp_leak.patch: |
6c32d6df504a
17283726 memory leak with EVP_CipherInit_ex
Ronald Jordan <ron.jordan@oracle.com>
parents:
2931
diff
changeset
|
120 |
Solaris-specific fix for mem leak caused by EVP_EncryptFinal_ex() |
6c32d6df504a
17283726 memory leak with EVP_CipherInit_ex
Ronald Jordan <ron.jordan@oracle.com>
parents:
2931
diff
changeset
|
121 |
and EVP_DecryptFinal_ex() not cleaning up properly. |
6c32d6df504a
17283726 memory leak with EVP_CipherInit_ex
Ronald Jordan <ron.jordan@oracle.com>
parents:
2931
diff
changeset
|
122 |
|
3285
78460de60ed1
17799549 libcrypto openssl incorrect size for libcrypto.so.1.0.0`_sparcv9_random
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
3217
diff
changeset
|
123 |
37_openssl-t4-inline.patch |
2674
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
124 |
SPARC-only patch. |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
125 |
Add patch to support inline T4 instruction in OpenSSL upstream code until |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
126 |
OpenSSL 1.0.2 is released. |
4801864231c8
PSARC 2013/034 OpenSSL 1.0.1
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
763
diff
changeset
|
127 |
|
3285
78460de60ed1
17799549 libcrypto openssl incorrect size for libcrypto.so.1.0.0`_sparcv9_random
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
3217
diff
changeset
|
128 |
38_remove_illegal_instruction_calls.patch |
78460de60ed1
17799549 libcrypto openssl incorrect size for libcrypto.so.1.0.0`_sparcv9_random
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
3217
diff
changeset
|
129 |
SPARC patch. Solaris-only patch. |
78460de60ed1
17799549 libcrypto openssl incorrect size for libcrypto.so.1.0.0`_sparcv9_random
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
3217
diff
changeset
|
130 |
Fix and/or remove illegal instructions from sparcv9cap.c. |
78460de60ed1
17799549 libcrypto openssl incorrect size for libcrypto.so.1.0.0`_sparcv9_random
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
3217
diff
changeset
|
131 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
132 |
opensslconf.patch |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
133 |
Modifies opensslconf.h so that it is suitable for both 32bit and 64bit installs. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
134 |
OpenSSL either builds for 32bit or 64bit - it doesn't allow for combined 32bit |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
135 |
and 64bit builds. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
136 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
137 |
The fips Build |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
138 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
139 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
140 |
We are now shipping FIPS-140 certified OpenSSL 1.0.1 with S12 and S11.2. |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
141 |
The admin may choose to activate 'openssl-fips' implementation using 'pkg mediator'. |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
142 |
The change will come soon. |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
143 |
|
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
144 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
145 |
Patches |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
146 |
--- |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
147 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
148 |
All the patches from 1.0.1 (non-fips) are used in 1.0.1(fips) as well aside from |
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
149 |
14-manpage_openssl.patch which is not needed since we do not deliver 1.0.1(fips) man |
2921
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2717
diff
changeset
|
150 |
pages. Once we make fips version public, we should deliver man page. |
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
151 |
(coming soon) |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
152 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
153 |
The wanboot Build |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
154 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
155 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
156 |
There are some significant differences when building OpenSSL for wanboot. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
157 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
158 |
Some additional Configuration options are needed: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
159 |
-DNO_CHMOD chmod not available in stand-alone environment |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
160 |
-DBOOT guard for wanboot specific patches |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
161 |
-DOPENSSL_NO_DTLS1 to avoid dtls1_min_mtu() - DTLS not used anyway |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
162 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
163 |
List of object files for wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
164 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
165 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
166 |
At this moment, object files for wanboot-openssl.o need to be listed explicitly. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
167 |
This is cumbersome and relatively tedious with respect to upgrading to higher |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
168 |
version of openssl. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
169 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
170 |
In future, it would be nice, if this could be performed automatically by the |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
171 |
linker. The required interface for wanboot is already defined in a mapfile and |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
172 |
linker option '-zdiscard-unused=sections,files' is already used to discard |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
173 |
unused code. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
174 |
But sadly, at this moment when the linker is given all the object files, it |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
175 |
correctly discards some unused files, but references to undefined symbols from |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
176 |
the discarded files don't get discarded along. Later, these undefined references |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
177 |
cause wanboot linking failure. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
178 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
179 |
In order to determine which openssl object files are required for wanboot, |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
180 |
first build static standalone openssl bits in Userland. As a site effect, |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
181 |
static libraries libssl.a and libcrypto.a are created in build/sparcv9-wanboot. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
182 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
183 |
$ cd $USERLAND/components/openssl/openssl-1.0.1 ; gmake build |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
184 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
185 |
Next, collect some information from linking wanboot static libraries in ON. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
186 |
This can be done by the following hack. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
187 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
188 |
$ cd $ON/usr/src/psm/stand/boot/sparcv9/sun4 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
189 |
$ touch wanboot.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
190 |
$ LD_OPTIONS="-Dfiles,symbols,output=ld.dbg \ |
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
191 |
-L$USERLAND/components/openssl/openssl-1.0.1/build/sparcv9-wanboot " \ |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
192 |
WAN_OPENSSL=" -lwanboot -lssl -lcrypto" dmake all |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
193 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
194 |
The following sort of information ends up in ld.dbg (note that the debugging |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
195 |
output from the link-editor is not considered a 'stable interface' and may |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
196 |
change in the future): |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
197 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
198 |
debug: file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.1/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o) [ ET_REL ] |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
199 |
debug: |
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
200 |
debug: symbol table processing; file=/builds/tkuthan/ul-wanboot-rebuilt/components/openssl/openssl-1.0.1/build/sparcv9-wanboot/libcrypto.a(sparcv9cap.o) [ ET_REL ] |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
201 |
debug: symbol[1]=sparcv9cap.c |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
202 |
.... |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
203 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
204 |
Now run the following script in Userland: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
205 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
206 |
#!/bin/bash |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
207 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
208 |
# set to workspace paths: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
209 |
USERLAND=/builds/tkuthan/ul-wanboot-rebuilt |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
210 |
ON=/builds/tkuthan/on11u1-wanboot-rti |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
211 |
|
2931
8e563e01c224
18161027 OpenSSL 1.0.1f: ON nightly fails with missing symbol in wanboot-openssl.o
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2930
diff
changeset
|
212 |
BUILD=$USERLAND/components/openssl/openssl-1.0.1/build/sparcv9-wanboot |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
213 |
LD_DBG=$ON/usr/src/psm/stand/boot/sparcv9/sun4/ld.dbg |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
214 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
215 |
for i in `find $BUILD/crypto $BUILD/ssl -name '*.o'` |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
216 |
do |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
217 |
f=`basename $i` |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
218 |
if grep -q "^debug: file.*\<$f\>" $LD_DBG |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
219 |
then |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
220 |
echo $i | sed "s#$BUILD/##" |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
221 |
fi |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
222 |
done |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
223 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
224 |
to get the list of required object files. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
225 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
226 |
Additionally, you can format the list for including to Makefile by: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
227 |
sort | tr '\n' ' ' | fold -s -w74 | sed -e 's/^/ /' -e 's/$/\\/' |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
228 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
229 |
Linking with wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
230 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
231 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
232 |
When linking with wanboot please pay attention to following pitfalls. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
233 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
234 |
Correct openssl header files need to be included. This is done in |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
235 |
$ON/usr/src/stand/lib/wanboot/Makefile |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
236 |
Make sure CPPFLAGS point to the right directories. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
237 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
238 |
EXTREME CAUTION needs to be employed, if WANBOOT GREW IN SIZE because of the |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
239 |
changes! |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
240 |
Wanboot is a statically linked standalone binary and it is loaded on a fixed |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
241 |
address before execution. This address is defined in |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
242 |
$ON/usr/src/psm/stand/boot/sparc/common/mapfile: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
243 |
|
3490
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
244 |
LOAD_SEGMENT text { |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
245 |
FLAGS = READ EXECUTE; |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
246 |
VADDR = 0x130000; |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
247 |
ASSIGN_SECTION { |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
248 |
TYPE = PROGBITS; |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
249 |
FLAGS = ALLOC !WRITE; |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
250 |
}; |
026457ca5815
19789902 pkcs11 engine dumps core when the softtoken is disabled
Ivo Raisr <ivo.raisr@oracle.com>
parents:
3285
diff
changeset
|
251 |
}; |
763
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
252 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
253 |
This address (VADDR) NEEDS TO BE GREATER THEN |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
254 |
size of wanboot binary + 0x4000 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
255 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
256 |
The reason for this is in how wanboot is loaded by OpenBoot Prom: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
257 |
1) user initiates boot from network - "boot net" |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
258 |
2) obp loads wanboot binary at address 0x4000 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
259 |
3) obp parses ELF header, reads virtual address where to load wanboot to |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
260 |
4) obp mem-copies .text section to this address |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
261 |
5) obp copies .data section behind .text |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
262 |
6) obp starts executing wanboot at entry address |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
263 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
264 |
If the given address is too small, obp overwrites part of .data with |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
265 |
instructions from .text in step 4. resulting in .data being corrupted. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
266 |
Initialized variables get bogus values and failure is inevitable. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
267 |
This is very hard to troubleshoot. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
268 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
269 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
270 |
Testing wanboot with new openssl |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
271 |
---- |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
272 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
273 |
With every upgrade of OpenSSL, it is necessary to make sure wanboot builds and |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
274 |
works well with the new bits. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
275 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
276 |
Provided you have a freshly built ON workspace, you can link wanboot with new |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
277 |
OpenSSL bits by redefining WAN_OPENSSL macro: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
278 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
279 |
# copy wanboot-openssl.o to ON build machine |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
280 |
cp wanboot-openssl.o /var/tmp/ |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
281 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
282 |
# prepare to rebuild wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
283 |
cd $ON |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
284 |
bldenv developer.sh |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
285 |
cd usr/src/psm/stand/boot/sparcv9/sun4 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
286 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
287 |
# hack to force a rebuild |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
288 |
touch wanboot.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
289 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
290 |
# link new OpenSSL to wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
291 |
WAN_OPENSSL=/var/tmp/wanboot-openssl.o dmake all |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
292 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
293 |
Wanboot should build without warning. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
294 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
295 |
If there is something like this in the output: |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
296 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
297 |
Undefined first referenced |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
298 |
symbol in file |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
299 |
CRYPTO_ccm128_setiv /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
300 |
SSL_get_srtp_profiles /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
301 |
ssl_parse_clienthello_use_srtp_ext /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
302 |
CRYPTO_gcm128_setiv /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
303 |
... |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
304 |
cmac_pkey_meth /var/tmp/wanboot-openssl.o |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
305 |
ld: fatal: symbol referencing errors. No output written to wanboot |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
306 |
*** Error code 1 |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
307 |
dmake: Fatal error: Command failed for target `wanboot' |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
308 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
309 |
some additional work has to be done in OpenSSL to either satisfy the function |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
310 |
references listed in the linker error message, or to remove the calls to these |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
311 |
functions. |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
312 |
|
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
313 |
Finally, resulting wanboot binary shall be deployed on some install server and |
45da4d38492e
7156086 OpenSSL for wanboot should not be build in a separate directory
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
745
diff
changeset
|
314 |
wanbooting from this server shall be tested. |